<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=(0093)https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.hashers.check_password -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="translated-ltr"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    
    <meta http-equiv="Content-Language" content="en-us">
    <title>Django | User authentication in Django | Django documentation</title>
    <meta name="ROBOTS" content="ALL">
    <meta http-equiv="imagetoolbar" content="no">
    <meta name="MSSmartTagsPreventParsing" content="true">
    <meta name="Copyright" content="Django Software Foundation">
    <meta name="keywords" content="Python, Django, framework, open-source">
    <meta name="description" content="Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.">
    <link href="./Django   User authentication in Django   Django documentation111_files/base.css" rel="stylesheet" type="text/css" media="screen">
    <link href="./Django   User authentication in Django   Django documentation111_files/print.css" rel="stylesheet" type="text/css" media="print">
    
  
  <link rel="stylesheet" href="./Django   User authentication in Django   Django documentation111_files/docs.css" type="text/css">
  <link rel="stylesheet" href="./Django   User authentication in Django   Django documentation111_files/pygments.css" type="text/css">

  <link type="text/css" rel="stylesheet" charset="UTF-8" href="./Django   User authentication in Django   Django documentation111_files/translateelement.css"><script type="text/javascript" charset="UTF-8" src="./Django   User authentication in Django   Django documentation111_files/main.js"></script><script type="text/javascript" charset="UTF-8" src="./Django   User authentication in Django   Django documentation111_files/element_main.js"></script></head>
  <body id="documentation" class="default">
  <div id="goog-gt-tt" class="goog-tooltip skiptranslate" style="visibility: hidden; display: none; left: 629px; top: 7871px; "><div style="overflow:hidden"><div class="logo"><img src="./Django   User authentication in Django   Django documentation111_files/mini_google.png"></div><a class="close-button" href="javascript:void(0)" title="Close"><img src="./Django   User authentication in Django   Django documentation111_files/cleardot.gif" width="15" height="15" style="background-image:url(https://translate.googleapis.com/translate_static/img/te_ctrl3.gif); background-position:-28px 0px"></a></div><div class="top"><hr style="color: #CCC; background-color: #CCC; height: 1px; border: none;"><div class="title left">Original Text:</div></div><div class="middle"><div class="gt-hl-layer" style="box-sizing: content-box; width: 420px; height: 48px; left: 12px; top: 59px; padding-left: 0px; padding-right: 0px; display: none; " dir=""></div><div class="original-text">If you'd like to manually authenticate a user by comparing a plain-text password to the hashed password in the database, use the convenience function django.contrib.auth.hashers.check_password() .</div></div><div class="bottom"><div class="activity-links" style="display: inline-block; "><span class="activity-link">Show alternative translations</span></div><div class="started-activity-container" style="display: none; "><hr style="color: #CCC; background-color: #CCC; height: 1px; border: none;"><div class="activity-root"></div></div></div><div class="status-message" style="display: none; opacity: 0; "></div></div><div id="container">
    <div id="header">
      <h1 id="logo"><a href="https://www.djangoproject.com/"><img src="./Django   User authentication in Django   Django documentation111_files/hdr_logo.gif" alt="Django"></a></h1>
      <ul id="nav-global">
        <li id="nav-homepage"><a href="https://www.djangoproject.com/"><font><font>家</font></font></a></li>
        <li id="nav-download"><a href="https://www.djangoproject.com/download/"><font><font>下载</font></font></a></li>
        <li id="nav-documentation"><a href="https://docs.djangoproject.com/"><font><font>文档</font></font></a></li>
        <li id="nav-weblog"><a href="https://www.djangoproject.com/weblog/"><font><font>博客</font></font></a></li>
        <li id="nav-community"><a href="https://www.djangoproject.com/community/"><font><font>社区</font></font></a></li>
        <li id="nav-code"><a href="https://code.djangoproject.com/"><font><font>码</font></font></a></li>
      </ul>
    </div>
    <!-- END Header -->
    <div id="billboard">
  <h2><a href="https://docs.djangoproject.com/en/1.4/"><font><font>Django文档</font></font></a></h2>
</div>
    <div id="columnwrap">
      
		<div id="content-main">
		


  
  
  <ul id="doc-versions">
      
        
          <li class="other">
            <a href="https://docs.djangoproject.com/en/1.0/topics/auth/">1.0</a></li>
        
      
        
          <li class="other">
            <a href="https://docs.djangoproject.com/en/1.1/topics/auth/">1.1</a></li>
        
      
        
          <li class="other">
            <a href="https://docs.djangoproject.com/en/1.2/topics/auth/">1.2</a></li>
        
      
        
          <li class="other">
            <a href="https://docs.djangoproject.com/en/1.3/topics/auth/">1.3</a></li>
        
      
        
      
        
          <li class="other">
            <a href="https://docs.djangoproject.com/en/dev/topics/auth/">dev</a></li>
        
      
      <li class="current" title="This document describes Django 1.4. Click on the links on the left to see other versions.">
        <span><font><font>文件版本：
           </font></font><strong><font><font>1.4</font></font></strong>
        </span>
      </li>
  </ul>
  <div class="section" id="s-module-django.contrib.auth">
<span id="s-user-authentication-in-django"></span><span id="module-django.contrib.auth"></span><span id="user-authentication-in-django"></span><h1><font><font>在Django中的用户身份验证</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth" title="Permalink to this headline"><font><font>¶</font></font></a></h1>
<p><font><font>Django自带了一个用户的身份验证系统。</font><font>它可以处理用户帐户，组，权限和基于cookie的用户会话。</font><font>这个文件解释事情是如何工作的。</font></font></p>
<div class="section" id="s-overview">
<span id="overview"></span><h2><font><font>概述</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#overview" title="Permalink to this headline"><font><font>¶</font></font></a></h2>
<p><font><font>认证系统包括：</font></font></p>
<ul class="simple">
<li><font><font>用户</font></font></li>
<li><font><font>权限：二进制（是/否）指定用户是否可以执行特定任务的标志。</font></font></li>
<li><font><font>组：多个用户应用标签和权限的一个通用的方法。</font></font></li>
</ul>
</div>
<div class="section" id="s-installation">
<span id="installation"></span><h2><font><font>安装</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#installation" title="Permalink to this headline"><font><font>¶</font></font></a></h2>
<p><font><font>捆绑认证支持作为Django应用程序
 </font></font><tt class="docutils literal"><span class="pre"><font><font>django.contrib.auth</font></font></span></tt><font><font>。</font><font>要安装它，做到以下几点：</font></font></p>
<ol class="arabic simple">
<li><font><font>把</font></font><tt class="docutils literal"><span class="pre"><font><font>'django.contrib.auth'</font></font></span></tt><font><font>和</font></font><tt class="docutils literal"><span class="pre"><font><font>'django.contrib.contenttypes“</font></font></span></tt><font><font>在你的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>INSTALLED_APPS中</font></font></span></tt></a><font><font>设置。</font><font>（</font></font><tt class="xref py py-class docutils literal"><span class="pre"><font><font>权限</font></font></span></tt><font><font>模型
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth" title="django.contrib.auth: Django&#39;s authentication framework."><tt class="xref py py-mod docutils literal"><span class="pre"><font><font>django.contrib.auth</font></font></span></tt></a><font><font>取决于</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/contenttypes/#module-django.contrib.contenttypes" title="django.contrib.contenttypes: Provides generic interface to installed models."><tt class="xref py py-mod docutils literal"><span class="pre"><font><font>django.contrib.contenttypes</font></font></span></tt></a><font><font>。）</font></font></li>
<li><font><font>运行</font></font><tt class="docutils literal"><span class="pre"><font><font>manage.py</font></font></span> <span class="pre"><font></font></span></tt><font><font>命令</font><tt class="docutils literal"><span class="pre"><font>的SyncDB</font></span></tt><font>。</font></font></li>
</ol>
<p><font><font>注意：默认</font></font><tt class="file docutils literal"><span class="pre"><font><font>settings.py</font></font></span></tt><font><font>文件创建
</font><font>方便。</font><font>如果你的</font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre"><font>INSTALLED_APPS中</font></span></tt></a><font> 
已经包含了这些应用程序，随时</font><font>再次</font><font>运行</font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font>manage.py </font></span></tt></a><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font>的SyncDB</font></span></tt></a><font>很多次，只要你愿意，每次将只安装需要什么你可以运行该命令。</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-startproject"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font></font></span> <span class="pre"><font></font></span></tt></a><font></font><tt class="docutils literal"><span class="pre"><font></font></span></tt><font></font><tt class="docutils literal"><span class="pre"><font></font></span></tt><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre"><font></font></span></tt></a><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre"><font></font></span></tt></a><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font></font></span> <span class="pre"><font></font></span></tt></a><font></font></p>
<p><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font><font>的SyncDB</font></font></span></tt></a><font><font>命令创建必要的数据库表，创建权限对象为所有已安装的应用程序，需要他们，并提示你创建一个超级用户帐户首次运行它。</font></font></p>
<p><font><font>一旦你采取这些步骤，就是这样。</font></font></p>
</div>
<div class="section" id="s-users">
<span id="users"></span><h2><font><font>用户</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#users" title="Permalink to this headline"><font><font>¶</font></font></a></h2>
<dl class="class">
<dt id="django.contrib.auth.models.User">
<em class="property"><font><font>类</font></font></em><tt class="descclassname"><font><font>模型。</font></font></tt><tt class="descname"><font><font>用户</font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd></dd></dl>

<div class="section" id="s-api-reference">
<span id="api-reference"></span><h3><font><font>API参考</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#api-reference" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<div class="section" id="s-fields">
<span id="fields"></span><h4><font><font>领域</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#fields" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<dl class="class">
<dt>
<em class="property"><font><font>类</font></font></em><tt class="descclassname"><font><font>模型。</font></font></tt><tt class="descname"><font><font>用户</font></font></tt></dt>
<dd><p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象有下列领域：</font></font></p>
<dl class="attribute">
<dt id="django.contrib.auth.models.User.username">
<tt class="descname"><font><font>用户名</font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.username" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>必需的。</font><font>30个字符或更少。</font><font>只有字母数字字符（字母，数字和下划线）。</font></font></p>
<div class="versionchanged">
<span class="title"><font><font>在Django 1.2改变：</font></font></span><font><font>用户名现在可以包含</font><font>，</font><tt class="docutils literal"><span class="pre"><font>+</font></span></tt><font>，</font><tt class="docutils literal"><span class="pre"><font>和</font></span></tt><tt class="docutils literal"><span class="pre"><font>-</font></span></tt><font>字符。</font></font><tt class="docutils literal"><span class="pre"><font></font></span></tt><font></font><tt class="docutils literal"><span class="pre"><font></font></span></tt><font></font><tt class="docutils literal"><span class="pre"><font></font></span></tt><font></font><tt class="docutils literal"><span class="pre"><font></font></span></tt><font></font></div>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.first_name">
<tt class="descname"><font><font>FIRST_NAME </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.first_name" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>可选的。</font><font>30个字符或更少。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.last_name">
<tt class="descname"><font><font>LAST_NAME </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.last_name" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>可选的。</font><font>30个字符或更少。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.email">
<tt class="descname"><font><font>电子邮件</font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.email" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>可选的。</font><font>电子邮件地址。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.password">
<tt class="descname"><font><font>密码</font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.password" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>必需的。</font><font>哈希，和元数据，密码。</font><font>（Django的不保存原始密码）。原始密码可以任意长，并且可以包含任何字符。</font><font>见“密码”一节。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.is_staff">
<tt class="descname"><font><font>is_staff </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_staff" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>布尔值。</font><font>指定用户是否可以访问管理员站点。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.is_active">
<tt class="descname"><font><font>的is_active </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_active" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>布尔值。</font><font>指定该用户帐户是否应被视为积极的。</font><font>我们建议您将此标志设置为False </font></font><tt class="xref docutils literal"><span class="pre"><font><font>，</font></font></span></tt><font><font>而不是删除帐户，这样，如果你的应用对用户有任何外键，外键不会打破。</font></font></p>
<p><font><font>这并不控制用户是否可以登录验证后端不需要检查为</font></font><tt class="docutils literal"><span class="pre"><font><font>的is_active</font></font></span></tt><font><font> 
标志，所以如果你想拒绝根据登录</font></font><tt class="docutils literal"><span class="pre"><font><font>的is_active</font></font></span></tt><font><font>是
 </font></font><tt class="xref docutils literal"><span class="pre"><font><font>假的</font></font></span></tt><font><font>，这是你检查，在自己登录的看法。</font><font>然而，</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.AuthenticationForm" title="django.contrib.auth.forms.AuthenticationForm"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>AuthenticationForm </font></font></span></tt></a><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.login" title="django.contrib.auth.views.login"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>登录（）</font></font></span></tt></a><font><font> 
所使用的</font><font>观点</font></font><em><font><font>确实</font></font></em><font><font> 
执行此检查，因为这样做权限检查方法，如
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_perm" title="django.contrib.auth.models.User.has_perm"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>has_perm（）</font></font></span></tt></a><font><font>和Django的admin认证。</font><font>所有这些函数/方法将</font></font><tt class="xref docutils literal"><span class="pre"><font><font>返回</font></font></span></tt><font><font> False </font><font>为不活动的用户。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.is_superuser">
<tt class="descname"><font><font>is_superuser </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_superuser" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>布尔值。</font><font>指定该用户没有明确指定的所有权限。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.last_login">
<tt class="descname"><font><font>last_login </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.last_login" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>一个用户的最后一次登录的日期时间。</font><font>设置默认情况下，为当前的日期/时间。</font></font></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.date_joined">
<tt class="descname"><font><font>date_joined </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.date_joined" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>指定帐户时创建一个DateTime。</font><font>被设置为当前日期/创建帐户时默认时间。</font></font></p>
</dd></dl>

</dd></dl>

</div>
<div class="section" id="s-methods">
<span id="methods"></span><h4><font><font>方法</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#methods" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<dl class="class">
<dt>
<em class="property"><font><font>类</font></font></em><tt class="descclassname"><font><font>模型。</font></font></tt><tt class="descname"><font><font>用户</font></font></tt></dt>
<dd><p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象有许多到许多领域：</font></font><tt class="docutils literal"><span class="pre"><font><font>团体</font></font></span></tt><font><font>和</font></font><tt class="docutils literal"><span class="pre"><font><font>user_permissions </font></font></span></tt><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象可以访问他们在同样的方式与任何其他相关对象</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/db/models/"><em><font><font>的Django模型</font></font></em></a><font><font>：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">myuser</span><span class="o">.</span><span class="n">groups</span> <span class="o">=</span> <span class="p">[</span><span class="n">group_list</span><span class="p">]</span>
<span class="n">myuser</span><span class="o">.</span><span class="n">groups</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="n">group</span><span class="p">,</span> <span class="n">group</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">myuser</span><span class="o">.</span><span class="n">groups</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">group</span><span class="p">,</span> <span class="n">group</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">myuser</span><span class="o">.</span><span class="n">groups</span><span class="o">.</span><span class="n">clear</span><span class="p">()</span>
<span class="n">myuser</span><span class="o">.</span><span class="n">user_permissions</span> <span class="o">=</span> <span class="p">[</span><span class="n">permission_list</span><span class="p">]</span>
<span class="n">myuser</span><span class="o">.</span><span class="n">user_permissions</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">myuser</span><span class="o">.</span><span class="n">user_permissions</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">myuser</span><span class="o">.</span><span class="n">user_permissions</span><span class="o">.</span><span class="n">clear</span><span class="p">()</span>
</pre></div>
</div>
<p><font><font>除了 ​​这些自动API方法，
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象有以下的自定义方法：</font></font></p>
<dl class="method">
<dt id="django.contrib.auth.models.User.is_anonymous">
<tt class="descname"><font><font>is_anonymous</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_anonymous" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>总是返回</font></font><tt class="xref docutils literal"><span class="pre"><font><font>FALSE</font></font></span></tt><font><font>。</font><font>这是一种与众不同的方式
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>User</font></font></span></tt></a><font><font>和
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>AnonymousUser</font></font></span></tt></a><font><font>对象。</font><font>一般来说，你应该更喜欢使用
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>is_authenticated（）</font></font></span></tt></a><font><font>这个方法。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.is_authenticated">
<tt class="descname"><font><font>is_authenticated</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_authenticated" title="Permalink to this definition"><font><font>​​¶</font></font></a></dt>
<dd><p><font><font>始终返回</font></font><tt class="xref docutils literal"><span class="pre"><font><font>真</font></font></span></tt><font><font>。</font><font>这是一种方式来告诉如果用户已通过验证。</font><font>这并不意味着任何权限，不检查，如果用户是活跃的-它只是表明用户提供了一个有效的用户名和密码。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_full_name">
<tt class="descname"><font><font>get_full_name</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_full_name" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>返回的的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.first_name" title="django.contrib.auth.models.User.first_name"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>FIRST_NAME</font></font></span></tt></a><font><font>加的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.last_name" title="django.contrib.auth.models.User.last_name"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>last_name的</font></font></span></tt></a><font><font>，与之间的空间。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.set_password">
<tt class="descname"><font><font>set_password</font></font></tt><font><font>（</font></font><em><font><font>raw_password</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_password" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>设置用户的密码给定的原始字符串，照顾的密码散列。</font><font>不保存
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.check_password">
<tt class="descname"><font><font>check_password</font></font></tt><font><font>（</font></font><em><font><font>raw_password</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.check_password" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>返回</font></font><tt class="xref docutils literal"><span class="pre"><font><font>真，</font></font></span></tt><font><font>如果给定的原始字符串是正确的用户密码。</font><font>（这需要在比较照顾的密码散列。）</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.set_unusable_password">
<tt class="descname"><font><font>set_unusable_password</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_unusable_password" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>标志着有没有设置密码的用户。</font><font>这是不是有一个空字符串密码相同。
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.check_password" title="django.contrib.auth.models.User.check_password"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>check_password（），</font></font></span></tt></a><font><font>此用户将永远不会</font></font><tt class="xref docutils literal"><span class="pre"><font><font>返回</font></font></span></tt><font><font> True </font><font>。</font><font>不保存
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象。</font></font></p>
<p><font><font>您可能需要为您的应用程序的身份验证，如果需要对现有的外部来源，如LDAP目录。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_usable_password">
<tt class="descname"><font><font>has_usable_password</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_usable_password" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>此用户已被称为，</font><font>如果
 </font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><tt class="xref py py-meth docutils literal"><span class="pre"><font>set_unusable_password（）</font></span></tt></a><font>返回</font></font><tt class="xref docutils literal"><span class="pre"><font><font>假</font></font></span></tt><font><font>。</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><tt class="xref py py-meth docutils literal"><span class="pre"><font></font></span></tt></a><font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_group_permissions">
<tt class="descname"><font><font>get_group_permissions</font></font></tt><font><font>（</font></font><em><font><font>OBJ =没有</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_group_permissions" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>返回该用户具有的权限字符串集合，通过他/她的团体。</font></font></p>
<div class="versionadded">
<span class="title"><font><font>在Django 1.2的新功能：</font></font></span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.2/"><em><font><font>请参阅发行说明</font></font></em></a></div>
<p><font><font>如果</font></font><tt class="docutils literal"><span class="pre"><font><font>obj</font></font></span></tt><font><font>是通过在这个特定的对象，只返回该组的权限。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_all_permissions">
<tt class="descname"><font><font>get_all_permissions</font></font></tt><font><font>（</font></font><em><font><font>OBJ =没有</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_all_permissions" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>返回该用户具有的权限字符串集合，无论是通过组和用户权限。</font></font></p>
<div class="versionadded">
<span class="title"><font><font>在Django 1.2的新功能：</font></font></span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.2/"><em><font><font>请参阅发行说明</font></font></em></a></div>
<p><font><font>如果</font></font><tt class="docutils literal"><span class="pre"><font><font>obj</font></font></span></tt><font><font>是过去了，只返回这个特定对象的权限。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_perm">
<tt class="descname"><font><font>has_perm</font></font></tt><font><font>（</font></font><em><font><font>烫发</font></font></em><font><font>，</font></font><em><font><font>OBJ =无</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_perm" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><tt class="docutils literal"><span class="pre"><font>“&lt;应用程序</font></span></tt><tt class="docutils literal"><span class="pre"><font>标签</font></span></tt><font>，则</font></font><tt class="xref docutils literal"><span class="pre"><font><font>返回</font></font></span></tt><font><font> True， 如果用户指定的权限，在烫发格式</font><tt class="docutils literal"><span class="pre"><font>&gt;。&lt;准许</font></span></tt><tt class="docutils literal"><span class="pre"><font>代号&gt;“ </font></span></tt><font>。</font><font>（见
 </font><font>下文</font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#permissions"><font>权限</font></a><font>）。</font><font>如果用户是无效的，此方法将始终</font><tt class="xref docutils literal"><span class="pre"><font>返回</font></span></tt><font> False </font><font>。</font></font><tt class="docutils literal"><span class="pre"><font></font></span> <span class="pre"><font></font></span> <span class="pre"><font></font></span></tt><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#permissions"><font></font></a><font></font><tt class="xref docutils literal"><span class="pre"><font></font></span></tt><font></font></p>
<div class="versionadded">
<span class="title"><font><font>在Django 1.2的新功能：</font></font></span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.2/"><em><font><font>请参阅发行说明</font></font></em></a></div>
<p><font><font>如果</font></font><tt class="docutils literal"><span class="pre"><font><font>obj</font></font></span></tt><font><font>是通过这种方法不会检查模型的权限，但对于这个特定的对象。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_perms">
<tt class="descname"><font><font>has_perms</font></font></tt><font><font>（</font></font><em><font><font>perm_list</font></font></em><font><font>，</font></font><em><font><font>OBJ =没有</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_perms" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>，则</font></font><tt class="xref docutils literal"><span class="pre"><font><font>返回</font></font></span></tt><font><font> True </font><font>，如果用户有每个指定的权限，每个烫发的格式是
 </font></font><tt class="docutils literal"><span class="pre"><font><font>“&lt;应用程序</font></font></span> <span class="pre"><font><font>标签。&lt;准许</font></font></span> <span class="pre"><font><font>代号&gt;“ </font></font></span></tt><font><font>。</font><font>如果用户是无效的，此方法将始终</font></font><tt class="xref docutils literal"><span class="pre"><font><font>返回</font></font></span></tt><font><font> False </font><font>。</font></font></p>
<div class="versionadded">
<span class="title"><font><font>在Django 1.2的新功能：</font></font></span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.2/"><em><font><font>请参阅发行说明</font></font></em></a></div>
<p><font><font>如果</font></font><tt class="docutils literal"><span class="pre"><font><font>obj</font></font></span></tt><font><font>是通过这种方法不会检查模型的权限，但对于特定的对象。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_module_perms">
<tt class="descname"><font><font>has_module_perms</font></font></tt><font><font>（</font></font><em><font><font>PACKAGE_NAME</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_module_perms" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>在给定的包（Django应用程序标签），如果用户有任何权限</font><font>，则</font></font><tt class="xref docutils literal"><span class="pre"><font><font>返回</font></font></span></tt><font><font> True 。</font><font>如果用户是无效的，此方法将始终</font></font><tt class="xref docutils literal"><span class="pre"><font><font>返回</font></font></span></tt><font><font> False </font><font>。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.email_user">
<tt class="descname"><font><font>email_user</font></font></tt><font><font>（</font></font><em><font><font>主题</font></font></em><font><font>，</font></font><em><font><font>消息</font></font></em><font><font>，</font></font><em><font><font>from_email =没有</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.email_user" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>向用户发送一封电子邮件。</font><font>如果
 </font></font><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>from_email</font></font></span></tt><font><font>是</font></font><tt class="xref docutils literal"><span class="pre"><font><font>没有</font></font></span></tt><font><font> Django使用</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-DEFAULT_FROM_EMAIL"><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>DEFAULT_FROM_EMAIL， </font></font></span></tt></a><font><font>。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_profile">
<tt class="descname"><font><font>get_profile</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_profile" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>返回该用户的站点特定的配置文件。</font><font>如果当前网站不容许型材，，或
 </font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/exceptions/#django.core.exceptions.ObjectDoesNotExist" title="django.core.exceptions.ObjectDoesNotExist"><tt class="xref py py-exc docutils literal"><span class="pre"><font>django.core.exceptions.ObjectDoesNotExist</font></span></tt></a><font>如果用户配置文件没有</font><font>提出
 </font></font><tt class="xref py py-exc docutils literal"><span class="pre"><font><font>django.contrib.auth.models.SiteProfileNotAvailable</font></font></span></tt><font><font>。</font><font>有关如何定义一个站点特定的用户配置文件的详细信息，请参见上节</font><font>下面的</font><a class="reference external" href="https://docs.djangoproject.com/en/1.4/topics/auth/#storing-additional-information-about-users"><font>其他用户信息存储</font></a><font>。</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/exceptions/#django.core.exceptions.ObjectDoesNotExist" title="django.core.exceptions.ObjectDoesNotExist"><tt class="xref py py-exc docutils literal"><span class="pre"><font></font></span></tt></a><font></font><a class="reference external" href="https://docs.djangoproject.com/en/1.4/topics/auth/#storing-additional-information-about-users"><font></font></a><font></font></p>
</dd></dl>

</dd></dl>

</div>
<div class="section" id="s-manager-functions">
<span id="manager-functions"></span><h4><font><font>管理职能</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#manager-functions" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<dl class="class">
<dt id="django.contrib.auth.models.UserManager">
<em class="property"><font><font>类</font></font></em><tt class="descclassname"><font><font>模型。</font></font></tt><tt class="descname"><font><font>UserManager </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.UserManager" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>User </font><font>模型有一个自定义的管理器，具有以下辅助功能：</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font></font></span></tt></a><font></font></p>
<dl class="method">
<dt id="django.contrib.auth.models.UserManager.create_user">
<tt class="descname"><font><font>create_user</font></font></tt><font><font>（</font></font><em><font><font>用户名</font></font></em><font><font>，</font></font><em><font><font>电子邮件=无</font></font></em><font><font>，</font></font><em><font><font>密码=无</font></font></em><font><font>）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.UserManager.create_user" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><div class="versionchanged">
<span class="title"><font><font>改变在Django 1.4：</font></font></span><font></font><tt class="docutils literal"><span class="pre"><font><font>电子邮件</font></font></span></tt><font><font>参数是可选的。</font><font>username参数现在空虚和检查</font><font>结果为负的情况下</font><font>引发
 </font></font><tt class="xref py py-exc docutils literal"><span class="pre"><font><font>ValueError异常</font></font></span></tt><font><font>。</font></font></div>
<p><font><font>创建，保存并返回</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>。</font></font></p>
<p><font><font>设置为给定</font><font>的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.username" title="django.contrib.auth.models.User.username"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>用户名</font></font></span></tt></a><font><font>和
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.password" title="django.contrib.auth.models.User.password"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>密码</font></font></span></tt></a><font><font>。</font><font>域部分</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.email" title="django.contrib.auth.models.User.email"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>电子邮件</font></font></span></tt></a><font><font>被自动转换为小写，并返回
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象将拥有
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>的is_active</font></font></span></tt></a><font><font>设置</font></font><tt class="xref docutils literal"><span class="pre"><font><font>为</font></font></span></tt><font><font> True </font><font>。</font></font></p>
<p><font><font>如果没有提供密码中，
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>set_unusable_password（）</font></font></span></tt></a><font><font>将被调用。</font></font></p>
<p><font><font>请参阅</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#creating-users"><font><font>创建用户，</font></font></a><font><font>例如使用。</font></font></p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.UserManager.make_random_password">
<tt class="descname">make_random_password</tt>(<em>length=10</em>, <em>allowed_chars='abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'</em>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.UserManager.make_random_password" title="Permalink to this definition">¶</a></dt>
<dd><p><font><font>给定的长度和允许的字符的字符串返回一个随机密码。</font><font>（请注意，默认值</font></font><tt class="docutils literal"><span class="pre"><font><font>allowed_chars</font></font></span></tt><font><font> 
不包含字母，可能会导致用户混淆，包括：</font></font></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre"><font><font>我</font></font></span></tt><font></font><tt class="docutils literal"><span class="pre"><font><font>升</font></font></span></tt><font><font>，</font></font><tt class="docutils literal"><span class="pre"><font><font>我</font></font></span></tt><font><font>，</font></font><tt class="docutils literal"><span class="pre"><font><font>1</font></font></span></tt><font><font>（小写字母，小写字母L，大写字母i，头号）</font></font></li>
<li><tt class="docutils literal"><span class="pre"><font><font>O</font></font></span></tt><font><font>，</font></font><tt class="docutils literal"><span class="pre"><font><font>O</font></font></span></tt><font><font>，</font></font><tt class="docutils literal"><span class="pre"><font><font>0</font></font></span></tt><font><font>（大写字母O，小写字母o和零）</font></font></li>
</ul>
</dd></dl>

</dd></dl>

</div>
</div>
<div class="section" id="s-basic-usage">
<span id="basic-usage"></span><h3><font><font>基本用法</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#basic-usage" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<div class="section" id="s-creating-users">
<span id="s-topics-auth-creating-users"></span><span id="creating-users"></span><span id="topics-auth-creating-users"></span><h4><font><font>创建用户</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#creating-users" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<p><font><font>创建用户最基本的方法是使用的
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.UserManager.create_user" title="django.contrib.auth.models.UserManager.create_user"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>create_user（）</font></font></span></tt></a><font><font> Django自带的辅助功能：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="gp">&gt;&gt;&gt; </span><span class="kn">from</span> <span class="nn">django.contrib.auth.models</span> <span class="kn">import</span> <span class="n">User</span>
<span class="gp">&gt;&gt;&gt; </span><span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">create_user</span><span class="p">(</span><span class="s">'john'</span><span class="p">,</span> <span class="s">'lennon@thebeatles.com'</span><span class="p">,</span> <span class="s">'johnpassword'</span><span class="p">)</span><font></font>
<font></font>
<span class="go"><font><font>＃此时，用户是一个用户对象，已保存</font></font></span>
<span class="go"><font><font>的数据库＃。</font><font>您可以继续以改变其属性</font></font></span>
<span class="go"><font><font>＃如果你想改变等领域。</font></font></span>
<span class="gp"><font><font>&gt;&gt;&gt; </font></font></span><span class="n"><font><font>用户</font></font></span><span class="o"><font><font>。</font></font></span><span class="n"><font><font>is_staff </font></font></span> <span class="o"><font><font>= </font></font></span> <span class="bp"><font><font>真</font></font></span>
<span class="gp"><font><font>&gt;&gt;&gt; </font></font></span><span class="n"><font><font>用户</font></font></span><span class="o"><font></font></span><span class="n"><font><font>保存</font></font></span><span class="p"><font><font>（）</font></font></span>
</pre></div>
</div>
<p><font><font>您还可以创建用户使用Django的admin站点。</font><font>假设您已经启用管理网站，并迷上它的URL </font></font><tt class="docutils literal"><span class="pre"><font><font>/管理/</font></font></span></tt><font><font> “添加用户”页面是在
 </font></font><tt class="docutils literal"><span class="pre"><font><font>/管理/认证/用户/添加/</font></font></span></tt><font><font>。</font><font>你也应该看到，以主管理索引页中的“验证”节“用户”链接。</font><font>“添加用户”管理页面是不同的，它要求你选择一个用户名和密码，才让你编辑用户的其他领域比标准管理页面。</font></font></p>
<p><font><font>另外请注意：如果你想自己的用户帐户，以便能够创建用户使用Django的admin站点，你需要给自己添加用户</font></font><em><font><font>，</font></font></em><font><font>更改用户（即“添加用户”和“更改用户”权限的</font><font>权限
 </font><font>）。</font><font>如果您的帐户添加用户，但不改变他们的权限，您将无法添加用户。</font><font>为什么呢？</font><font>因为如果你有添加用户的权限，你有能力创建超级用户，然后可以反过来，改变其他用户。</font><font>因此，Django的需要添加</font></font><em><font><font>和</font></font></em><font><font>更改权限作为一个轻微的保安措施。</font></font></p>
</div>
<div class="section" id="s-changing-passwords">
<span id="changing-passwords"></span><h4><font><font>更改密码</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#changing-passwords" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<div class="versionadded">
<span class="title"><font><font>在Django 1.2的新功能：</font></font></span><font></font><tt class="docutils literal"><span class="pre"><font><font>manage.py </font></font></span> <span class="pre"><font><font>changepassword</font></font></span></tt><font><font>命令添加。</font></font></div>
<p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-changepassword"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font><font>manage.py </font></font></span> <span class="pre"><font><font>changepassword </font></font></span> <span class="pre"><font><font>*用户名*</font></font></span></tt></a><font><font>提供了更改用户密码的命令行的方法。</font><font>它会提示你要改变一个给定的用户，你必须输入两次密码。</font><font>如果他们都在比赛，新密码将立即改变。</font><font>如果你不提供一个用户，该命令将试图改变当前用户的用户名相匹配的密码。</font></font></p>
<p><font><font>您还可以更改密码编程，使用
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_password" title="django.contrib.auth.models.User.set_password"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>set_password（） </font></font></span></tt></a><font><font>：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="gp"><font></font></span><span class="kn"><font></font></span> <span class="nn"><font></font></span> <span class="kn"><font></font></span> <span class="n"><font></font></span>
<span class="gp"><font></font></span><span class="n"><font></font></span> <span class="o"><font></font></span> <span class="n"><font></font></span><span class="o"><font></font></span><span class="n"><font></font></span><span class="o"><font></font></span><span class="n"><font></font></span><span class="p"><font></font></span><span class="n"><font></font></span><span class="o"><font></font></span><span class="s"><font></font></span><span class="p"><font></font></span>
<span class="gp"><font></font></span><span class="n"><font></font></span><span class="o"><font></font></span><span class="n"><font></font></span><span class="p"><font></font></span><span class="s"><font><font>密码' </font></font></span><span class="p"><font><font>）</font></font></span>
<span class="gp"><font><font>&gt;&gt;&gt; </font></font></span><span class="n"><font><font>U </font></font></span><span class="o"><font><font>。</font></font></span><span class="n"><font><font>保存</font></font></span><span class="p"><font><font>（）</font></font></span>
</pre></div>
</div>
<p><font><font>不要设置</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.password" title="django.contrib.auth.models.User.password"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>密码</font></font></span></tt></a><font><font>属性，除非你知道你在做什么。</font><font>在下一节对此进行了解释。</font></font></p>
</div>
</div>
<div class="section" id="s-how-django-stores-passwords">
<span id="s-auth-password-storage"></span><span id="how-django-stores-passwords"></span><span id="auth-password-storage"></span><h3><font><font>Django如何存储密码</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#how-django-stores-passwords" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<div class="versionadded">
<span class="title"><font><font>在Django 1.4：新</font></font></span><font><font>的Django 1.4引入了一个新的灵活的密码存储系统和默认使用PBKDF2的。</font><font>以前版本的Django使用SHA1的，不能选择其他算法。</font></font></div>
<p><font><font>的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.password" title="django.contrib.auth.models.User.password"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>密码</font></font></span></tt></a><font><font>属性的
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象是在这种格式的字符串：</font></font></p>
<div class="highlight-python"><pre><font><font>算法美元哈希</font></font></pre>
</div>
<p><font><font>这是存储算法和哈希，由美元符号隔开。</font><font>该算法是单向散列或密码存储算法的Django可以使用，见下文。</font><font>哈希是单向函数的结果。</font></font></p>
<p><font><font>默认情况下，Django使用的</font></font><a class="reference external" href="http://en.wikipedia.org/wiki/PBKDF2"><font><font>PBKDF2的</font></font></a><font><font>算法与SHA256哈希密码伸展机制建议</font></font><a class="reference external" href="http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf"><font><font>NIST的</font></font></a><font><font>。</font><font>这应该是足以满足大多数用户：这是相当安全的，需要大量的计算时间打破。</font></font></p>
<p><font><font>然而，根据您的要求，你可以选择不同的算法，甚至可以使用一个自定义的算法，以符合您的特定的安全局势。</font><font>同样，大多数用户不应该需要做到这一点 - 如果你不知道，你可能不。</font><font>如果你这样做，请阅读：</font></font></p>
<p><font><font>Django的选择算法</font></font><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>PASSWORD_HASHERS</font></font></span></tt><font><font> 
设置</font><font>咨询</font><font>。</font><font>这是一个哈希算法类，这Django安装支持的名单。</font><font>在此列表中的第一项（，
 </font></font><tt class="docutils literal"><span class="pre"><font><font>settings.PASSWORD_HASHERS [0] </font></font></span></tt><font><font>）</font><font>将用于存储密码，和所有其他项目都有效，可用于检查现有密码hashers。</font><font>这意味着，如果你想使用不同的算法，你需要修改
 </font></font><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>PASSWORD_HASHERS</font></font></span></tt><font><font>，你更喜欢的算法首先在列表中列出。</font></font></p>
<p><font><font>默认</font></font><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>PASSWORD_HASHERS</font></font></span></tt><font><font>是：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">PASSWORD_HASHERS</span> <span class="o">=</span> <span class="p">(</span>
    <span class="s">'django.contrib.auth.hashers.PBKDF2PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.BCryptPasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.SHA1PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.MD5PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.CryptPasswordHasher'</span><span class="p">,</span>
<span class="p">)</span>
</pre></div>
</div>
<p><font><font>这意味着，Django会使用</font></font><a class="reference external" href="http://en.wikipedia.org/wiki/PBKDF2"><font><font>PBKDF2的</font></font></a><font><font>存储所有密码，但将支持存储的密码PBKDF2SHA1，</font></font><a class="reference external" href="http://en.wikipedia.org/wiki/Bcrypt"><font><font>bcrypt</font></font></a><font><font>，</font></font><a class="reference external" href="http://en.wikipedia.org/wiki/SHA1"><font><font>SHA1</font></font></a><font><font>等</font><font>检查，</font><font>接下来的几节描述了几个常用的方法，先进的用户可能要修改此设置。</font></font></p>
<div class="section" id="s-using-bcrypt-with-django">
<span id="using-bcrypt-with-django"></span><h4><font><font>使用bcrypt Django的</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#using-bcrypt-with-django" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<p><a class="reference external" href="http://en.wikipedia.org/wiki/Bcrypt"><font><font>bcrypt</font></font></a><font><font>是一种流行的密码存储算法，这是专门为长期的密码存储设计。</font><font>它不是由Django默认的，因为它需要使用第三方库，但因为很多人可能要使用Django支持bcrypt以最小的努力。</font></font></p>
<p><font><font>使用默认的存储算法Bcrypt，做到以下几点：</font></font></p>
<ol class="arabic">
<li><p class="first"><font><font>安装</font></font><a class="reference external" href="http://pypi.python.org/pypi/py-bcrypt/"><font><font>PY的bcrypt</font></font></a><font><font>库（可能是由运行</font></font><tt class="docutils literal"><span class="pre"><font><font>sudo的</font></font></span> <span class="pre"><font><font>点子</font></font></span> <span class="pre"><font><font>安装</font></font></span>
<span class="pre"><font><font>PY-bcrypt</font></font></span></tt><font><font>，或下载库和安装它</font></font><tt class="docutils literal"><span class="pre"><font><font>的python </font></font></span>
<span class="pre"><font><font>setup.py </font></font></span> <span class="pre"><font><font>安装</font></font></span></tt><font><font>）。</font></font></p>
</li>
<li><p class="first"><font><font>修改</font></font><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>PASSWORD_HASHERS</font></font></span></tt><font><font>列出</font></font><tt class="docutils literal"><span class="pre"><font><font>BCryptPasswordHasher</font></font></span></tt><font><font> 
第一。</font><font>也就是说，在你的设置文件，你把：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">PASSWORD_HASHERS</span> <span class="o">=</span> <span class="p">(</span>
    <span class="s">'django.contrib.auth.hashers.BCryptPasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.PBKDF2PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.SHA1PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.MD5PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.CryptPasswordHasher'</span><span class="p">,</span>
<span class="p">)</span>
</pre></div>
</div>
<p><font><font>（你需要保持在这个名单中的其他条目，否则Django会无法升级密码，见下文）。</font></font></p>
</li>
</ol>
<p><font><font>这就是它 - 现在你的Django安装将使用默认的存储算法Bcrypt。</font></font></p>
<div class="admonition-other-bcrypt-implementations admonition ">
<p class="first admonition-title"><font><font>其他bcrypt实现</font></font></p>
<p class="last"><font><font>有几个其他的实现，使bcrypt与Django。</font><font>Django的的bcrypt支持是不直接与这些兼容。</font><font>升级，您将需要修改数据库中的哈希形式，</font></font><cite><font><font>bcrypt $（原料bcrypt输出）</font></font></cite><font><font>。</font><font>例如：
 </font></font><cite><font><font>bcrypt $ 2A $ $ 12 $ NT0I31Sa7ihGEWpka9ASYrEFkhuTNeBQ2xfZskIiiJeyFXhRgS.Sy</font></font></cite><font><font>。</font></font></p>
</div>
</div>
<div class="section" id="s-increasing-the-work-factor">
<span id="increasing-the-work-factor"></span><h4><font><font>越来越多的工作因素</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#increasing-the-work-factor" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<p><font><font>PDKDF2和bcrypt算法使用迭代散列轮。</font><font>这种刻意减慢攻击，使攻击更难哈希密码。</font><font>然而，随着计算能力的增加，需要增加迭代次数。</font><font>我们选择一个合理的默认（而且会增加它与每个版本的Django），但你不妨调整或下降，取决于您的安全需求和可用的处理能力。</font><font>要做到这一点，你继承合适的算法和覆盖的</font></font><tt class="docutils literal"><span class="pre"><font><font>迭代</font></font></span></tt><font><font> 
参数。</font><font>例如，增加的迭代使用默认PDKDF2算法的数字：</font></font></p>
<ol class="arabic">
<li><p class="first"><font><font>创建一个子类</font></font><tt class="docutils literal"><span class="pre"><font><font>django.contrib.auth.hashers.PBKDF2PasswordHasher</font></font></span></tt><font><font>：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn"><font><font>从</font></font></span> <span class="nn"><font><font>django.contrib.auth.hashers </font></font></span> <span class="kn"><font><font>进口</font></font></span> <span class="n"><font><font>PBKDF2PasswordHasher</font></font></span><font></font>
<font></font>
<span class="k"><font><font>类</font></font></span> <span class="nc"><font><font>MyPBKDF2PasswordHasher </font></font></span><span class="p"><font><font>（</font></font></span><span class="n"><font><font>PBKDF2PasswordHasher </font></font></span><span class="p"><font><font>）： </font></font></span>
    <span class="sd"><font><font>“” </font><font>。的PBKDF2PasswordHasher，使用100倍以上的迭代子类 </font></font></span>
<span class="sd"><font></font></span>
<span class="sd"><font><font>    “” </font></font></span>
    <span class="n"><font><font>迭代</font></font></span> <span class="o"><font><font>= </font></font></span> <span class="n"><font><font>PBKDF2PasswordHasher </font></font></span><span class="o"><font><font>，</font></font></span><span class="n"><font><font>迭代</font></font></span> <span class="o"><font><font>* </font></font></span> <span class="mi"><font><font>100</font></font></span>
</pre></div>
</div>
<p><font><font>保存此项目中的某处。</font><font>例如，你可能把这样的文件，这</font></font><tt class="docutils literal"><span class="pre"><font><font>为MyProject / hashers.py</font></font></span></tt><font><font>。</font></font></p>
</li>
<li><p class="first"><font><font>在第一项加入新的散列器</font></font><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>PASSWORD_HASHERS</font></font></span></tt><font><font>：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">PASSWORD_HASHERS</span> <span class="o">=</span> <span class="p">(</span>
    <span class="s">'myproject.hashers.MyPBKDF2PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.PBKDF2PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.BCryptPasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.SHA1PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.MD5PasswordHasher'</span><span class="p">,</span>
    <span class="s">'django.contrib.auth.hashers.CryptPasswordHasher'</span><span class="p">,</span>
<span class="p">)</span>
</pre></div>
</div>
</li>
</ol>
<p><font><font>这就是它 - 现在你的Django安装将使用更多的迭代时，它存储密码使用PBKDF2的。</font></font></p>
</div>
<div class="section" id="s-password-upgrading">
<span id="password-upgrading"></span><h4><font><font>密码升级</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#password-upgrading" title="Permalink to this headline"><font><font>¶</font></font></a></h4>
<p><font><font>当用户登录时，如果他们的密码存储任何首选的算法以外，Django会自动升级算法的首选之一。</font><font>这意味着，老安装的Django将自动获得更安全的用户登录，这也意味着，你可以切换到新的和更好的存储算法，因为他们得到发明。</font></font></p>
<p><font><font>然而，Django的只能升级使用中提到的算法</font></font><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>PASSWORD_HASHERS的</font></font></span></tt><font><font>密码
 </font><font>，只要你升级到新的系统，你应该确保从来没有</font><font>从这个名单</font></font><em><font><font>中删除的</font></font></em><font><font>条目。</font><font>如果你这样做，使用非上述算法的用户将无法升级。</font></font></p>
</div>
</div>
<div class="section" id="s-anonymous-users">
<span id="anonymous-users"></span><h3><font><font>匿名用户</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#anonymous-users" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<dl class="class">
<dt id="django.contrib.auth.models.AnonymousUser">
<em class="property"><font><font>类</font></font></em><tt class="descclassname"><font><font>模型。</font></font></tt><tt class="descname"><font><font>AnonymousUser </font></font></tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.AnonymousUser" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>django.contrib.auth.models.AnonymousUser</font></font></span></tt></a><font><font>是一类实现的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>django.contrib.auth.models.User</font></font></span></tt></a><font><font>接口，这些差异：</font></font></p>
<ul class="simple">
<li><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>ID</font></font></span></tt><font><font>是始终</font></font><tt class="xref docutils literal"><span class="pre"><font><font>没有</font></font></span></tt><font><font>。</font></font></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_staff" title="django.contrib.auth.models.User.is_staff"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>is_staff</font></font></span></tt></a><font><font>和
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_superuser" title="django.contrib.auth.models.User.is_superuser"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>is_superuser</font></font></span></tt></a><font><font>始终是
 </font></font><tt class="xref docutils literal"><span class="pre"><font><font>假的</font></font></span></tt><font><font>。</font></font></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>的is_active</font></font></span></tt></a><font><font>始终是</font></font><tt class="xref docutils literal"><span class="pre"><font><font>假的</font></font></span></tt><font><font>。</font></font></li>
<li><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>团体</font></font></span></tt><font><font>和
 </font></font><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>user_permissions</font></font></span></tt><font><font>总是空的。</font></font></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_anonymous" title="django.contrib.auth.models.User.is_anonymous"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>is_anonymous（）</font></font></span></tt></a><font><font>返回</font></font><tt class="xref docutils literal"><span class="pre"><font><font>真</font></font></span></tt><font><font> 
，而不是</font></font><tt class="xref docutils literal"><span class="pre"><font><font>虚假</font></font></span></tt><font><font>的</font><font>。</font></font></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>is_authenticated（）</font></font></span></tt></a><font><font>返回
 </font></font><tt class="xref docutils literal"><span class="pre"><font><font>假</font></font></span></tt><font><font>，而不是</font></font><tt class="xref docutils literal"><span class="pre"><font><font>真实的</font></font></span></tt><font><font>。</font></font></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_password" title="django.contrib.auth.models.User.set_password"><tt class="xref py py-meth docutils literal"><span class="pre">set_password()</span></tt></a>,
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.check_password" title="django.contrib.auth.models.User.check_password"><tt class="xref py py-meth docutils literal"><span class="pre">check_password()</span></tt></a>,
<tt class="xref py py-meth docutils literal"><span class="pre">save()</span></tt>,
<tt class="xref py py-meth docutils literal"><span class="pre">delete()</span></tt>,
<tt class="xref py py-meth docutils literal"><span class="pre">set_groups()</span></tt> and
<tt class="xref py py-meth docutils literal"><span class="pre">set_permissions()</span></tt> raise
<tt class="xref py py-exc docutils literal"><span class="pre">NotImplementedError</span></tt>.</li>
</ul>
</dd></dl>

<p><font><font>在实践中，你可能将不再需要使用
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>AnonymousUser</font></font></span></tt></a><font><font>自己的对象，但他们使用Web请求，在下一节解释。</font></font></p>
</div>
<div class="section" id="s-creating-superusers">
<span id="s-topics-auth-creating-superusers"></span><span id="creating-superusers"></span><span id="topics-auth-creating-superusers"></span><h3><font><font>创建超级用户</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#creating-superusers" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font><font>manage.py </font></font></span> <span class="pre"><font><font>的SyncDB</font></font></span></tt></a><font><font>提示你创建一个超级用户第一次运行后加入</font></font><tt class="docutils literal"><span class="pre"><font><font>“django.contrib.auth'</font></font></span></tt><font><font>你的
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>INSTALLED_APPS中</font></font></span></tt></a><font><font>。</font><font>如果你需要创建一个超级用户，在以后的日子，你可以使用一个命令行实用程序：</font></font></p>
<div class="highlight-python"><pre><font><font>manage.py createsuperuser  - 用户名=乔 - 电子邮件= joe@example.com</font></font></pre>
</div>
<p><font><font>你会被提示输入密码。</font><font>当您输入一个，用户将被立即创建。</font><font>如果你离开</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-option---username"><tt class="xref std std-djadminopt docutils literal"><span class="pre"><font><font>-用户名</font></font></span></tt></a><font><font>-
电子邮件 </font><font>选项，它会提示你这些值。</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-option---email"><tt class="xref std std-djadminopt docutils literal"><span class="pre"><font></font></span></tt></a><font></font></p>
<p><font><font>如果你使用的是旧版本的Django，在命令行上创建的超级老办法仍然有效：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="n"><font><font>蟒蛇</font></font></span> <span class="o"><font><font>/ </font></font></span><span class="n"><font><font>路径</font></font></span><span class="o"><font><font>/ </font></font></span><span class="n"><font><font>到</font></font></span><span class="o"><font><font>/ </font></font></span><span class="n"><font><font>的django </font></font></span><span class="o"><font><font>/ </font></font></span><span class="n"><font><font>contrib的</font></font></span><span class="o"><font><font>/ </font></font></span><span class="n"><font><font>AUTH </font></font></span><span class="o"><font><font>/ </font></font></span><span class="n"><font><font>create_superuser的</font></font></span><span class="o"><font><font>。</font></font></span><span class="n"><font><font>PY</font></font></span>
</pre></div>
</div>
<p><font><font>... </font></font><tt class="file docutils literal"><span class="pre"><font><font>/路径/</font></font></span></tt><font><font> Django的文件系统代码库的路径。</font><font>的的</font></font><tt class="docutils literal"><span class="pre"><font><font>manage.py</font></font></span></tt><font><font>命令是首选，因为它计算出正确的路径和你的环境。</font></font></p>
</div>
<div class="section" id="s-storing-additional-information-about-users">
<span id="s-auth-profiles"></span><span id="storing-additional-information-about-users"></span><span id="auth-profiles"></span><h3><font><font>存储有关用户的其他信息</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#storing-additional-information-about-users" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<p><font><font>如果你想存储有关用户的其他信息，Django提供了一个方法指定一个特定地点的相关模型 - 被称为“用户配置文件” - 为这个目的。</font></font></p>
<p><font><font>要利用这一特性，定义的其他信息，你想存储的领域，或其他方法，你想获得一个模型，并添加一个
 </font><font>名为</font></font><tt class="xref py py-class docutils literal"><span class="pre"><font><font>OneToOneField </font></font></span></tt><font></font><tt class="docutils literal"><span class="pre"><font><font>用户</font></font></span></tt><font><font>从你的模型的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>模型。</font><font>这将确保你的模型中只有一个实例，可以为每个</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>创建
 </font><font>。</font><font>例如：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn"><font><font>从</font></font></span> <span class="nn"><font><font>django.contrib.auth.models </font></font></span> <span class="kn"><font><font>导入</font></font></span> <span class="n"><font><font>用户</font></font></span><font></font>
<font></font>
<span class="k"><font><font>类的</font></font></span> <span class="nc"><font><font>USERPROFILE </font></font></span><span class="p"><font><font>（</font></font></span><span class="n"><font><font>模型</font></font></span><span class="o"><font><font>。</font></font></span><span class="n"><font></font></span><span class="p"><font><font>：</font></font></span>
    <span class="c"><font><font>＃此字段是必需的。</font></font></span>
    <span class="n"><font><font>用户</font></font></span> <span class="o"><font></font></span> <span class="n"><font><font>模型</font></font></span><span class="o"><font><font>。</font></font></span><span class="n"><font><font>OneToOneField </font></font></span><span class="p"><font><font>（</font></font></span><span class="n"><font><font>用户</font></font></span><span class="p"><font><font>）</font></font></span><font></font>
<font></font>
    <span class="c"><font><font>＃其他领域</font></font></span>
    <span class="n"><font></font></span> <span class="o"><font></font></span> <span class="n"><font></font></span><span class="o"><font></font></span><span class="n"><font></font></span><span class="p"><font></font></span>
    <span class="n"><font></font></span> <span class="o"><font></font></span> <span class="n"><font></font></span><span class="o"><font></font></span><span class="n"><font></font></span><span class="p"><font></font></span><span class="n"><font></font></span><span class="o"><font></font></span><span class="mi"><font></font></span><span class="p"><font></font></span> <span class="n"><font></font></span><span class="o"><font></font></span><span class="s"><font></font></span><span class="p"><font></font></span>
</pre></div>
</div>
<p><font><font>为了表明，该模型是一个给定网站的用户剖面模型，填补在设置</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-AUTH_PROFILE_MODULE"><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>AUTH_PROFILE_MODULE</font></font></span></tt></a><font><font>包括以下项目，由点号分隔的字符串：</font></font></p>
<ol class="arabic simple">
<li><font><font>应用程序的名称（区分大小写），在用户配置文件定义模型（换句话说，被传递到的名称</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-startapp"><tt class="xref std std-djadmin docutils literal"><span class="pre"><font><font>manage.py </font></font></span> <span class="pre"><font><font>的startApp</font></font></span></tt></a><font><font>创建应用程序）。</font></font></li>
<li><font><font>该模型的名称（不区分大小写）类。</font></font></li>
</ol>
<p><font><font>例如，如果剖面模型是一类名为</font></font><tt class="docutils literal"><span class="pre"><font><font>USERPROFILE</font></font></span></tt><font><font>和定义的应用程序名为内的</font></font><tt class="docutils literal"><span class="pre"><font><font>帐户</font></font></span></tt><font><font>，相应的设置将是：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="n"><font><font>AUTH_PROFILE_MODULE </font></font></span> <span class="o"><font><font>=的</font></font></span> <span class="s"><font><font>“accounts.UserProfile'</font></font></span>
</pre></div>
</div>
<p><font><font>当用户剖面模型已被定义，并以这种方式指定，每个
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象将有一个方法-
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_profile" title="django.contrib.auth.models.User.get_profile"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>get_profile（）</font></font></span></tt></a><font><font> -返回与此有关的用户个人资料模型的实例
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>。</font></font></p>
<p><font><font>的方法</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_profile" title="django.contrib.auth.models.User.get_profile"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>get_profile（）</font></font></span></tt></a><font><font> 
不创建一个配置文件，如果不存在。</font><font>您需要注册一个用户模式的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/signals/#django.db.models.signals.post_save" title="django.db.models.signals.post_save"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>django.db.models.signals.post_save</font></font></span></tt></a><font><font>信号的</font><font>处理程序</font><font>，并在处理程序中，如果</font></font><tt class="docutils literal"><span class="pre"><font><font>创建的</font></font></span></tt><font><font>是</font></font><tt class="xref docutils literal"><span class="pre"><font><font>真实的</font></font></span></tt><font><font>，建立相关的用户配置文件：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="c"><font><font>＃在models.py</font></font></span><font></font>
<font></font>
<span class="kn"><font><font>从的</font></font></span> <span class="nn"><font><font>django.contrib.auth.models </font></font></span> <span class="kn"><font><font>进口</font></font></span> <span class="n"><font><font>用户</font></font></span>
<span class="kn"><font><font>从</font></font></span> <span class="nn"><font><font>django.db.models.signals </font></font></span> <span class="kn"><font><font>进口</font></font></span> <span class="n"><font><font>post_save</font></font></span><font></font>
<font></font>
<span class="c"><font><font>USERPROFILE从上面的</font><font>＃的定义</font></font></span>
<span class="c"><font><font>...</font></font></span><font></font>
<font></font>
<span class="k">def</span> <span class="nf">create_user_profile</span><span class="p">(</span><span class="n">sender</span><span class="p">,</span> <span class="n">instance</span><span class="p">,</span> <span class="n">created</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span>
    <span class="k">if</span> <span class="n">created</span><span class="p">:</span>
        <span class="n">UserProfile</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">create</span><span class="p">(</span><span class="n">user</span><span class="o">=</span><span class="n">instance</span><span class="p">)</span><font></font>
<font></font>
<span class="n"><font><font>post_save </font></font></span><span class="o"><font><font>。</font></font></span><span class="n"><font><font>连接</font></font></span><span class="p"><font><font>（</font></font></span><span class="n"><font><font>create_user_profile </font></font></span><span class="p"><font><font>，</font></font></span> <span class="n"><font><font>发件人</font></font></span><span class="o"><font><font>= </font></font></span><span class="n"><font><font>用户</font></font></span><span class="p"><font><font>）</font></font></span>
</pre></div>
</div>
<div class="admonition-see-also admonition seealso">
<p class="first admonition-title"><font><font>参见</font></font></p>
<p class="last"><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/signals/"><em><font></font></em></a><font><font>Django的信号调度的更多信息的</font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/signals/"><em><font>信号</font></em></a><font>。</font></font></p>
</div>
</div>
</div>
<div class="section" id="s-authentication-in-web-requests">
<span id="authentication-in-web-requests"></span><h2><font><font>Web请求的验证</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authentication-in-web-requests" title="Permalink to this headline"><font><font>¶</font></font></a></h2>
<p><font><font>到现在为止，这份文件已处理的低级别的API操纵认证相关的对象。</font><font>Django的更高的层次上，可以此认证框架挂接到它的系统
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>请求</font></font></span> <span class="pre"><font><font>对象</font></font></span></tt></a><font><font>。</font></font></p>
<p><font><font>首先，</font><font>
通过将它们添加到您的</font><font>安装的
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/middleware/#django.contrib.sessions.middleware.SessionMiddleware" title="django.contrib.sessions.middleware.SessionMiddleware"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>SessionMiddleware</font></font></span></tt></a><font><font>和
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/middleware/#django.contrib.auth.middleware.AuthenticationMiddleware" title="django.contrib.auth.middleware.AuthenticationMiddleware"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>AuthenticationMiddleware</font></font></span></tt></a><font><font>中间件</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-MIDDLEWARE_CLASSES"><tt class="xref std std-setting docutils literal"><span class="pre"><font><font>的MIDDLEWARE_CLASSES</font></font></span></tt></a><font><font>设置。</font><font>见</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/http/sessions/"><em><font><font>会议文件</font></font></em></a><font><font>的更多信息。</font></font></p>
<p><font><font>一旦你有安装那些中间件，你就可以访问
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest.user" title="django.http.HttpRequest.user"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>request.user</font></font></span></tt></a><font><font>的意见。
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest.user" title="django.http.HttpRequest.user"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>request.user</font></font></span></tt></a><font><font>会给你一个
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象，表示当前登录的用户。</font><font>如果用户目前没有登录，
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest.user" title="django.http.HttpRequest.user"><tt class="xref py py-attr docutils literal"><span class="pre"><font><font>request.user</font></font></span></tt></a><font><font>将被设置为一个的实例</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>AnonymousUser</font></font></span></tt></a><font><font>（参见上一节）。</font><font>你可以告诉他们除了
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><tt class="xref py py-meth docutils literal"><span class="pre"><font><font>is_authenticated（） </font></font></span></tt></a><font><font>，</font><font>像这样：</font></font></p>
<div class="highlight-python"><pre><font><font>如果request.user.is_authenticated（）：</font></font><font></font><font><font>
    ＃身份验证的用户做的东西。</font></font><font></font><font><font>
其他：</font></font><font></font><font><font>
    ＃匿名用户的东西。</font></font></pre>
</div>
<div class="section" id="s-how-to-log-a-user-in">
<span id="s-id1"></span><span id="how-to-log-a-user-in"></span><span id="id1"></span><h3><font><font>如何登录用户在</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#how-to-log-a-user-in" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<p><font><font>Django提供了两个功能</font><font>：
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth" title="django.contrib.auth: Django&#39;s authentication framework."><tt class="xref py py-mod docutils literal"><span class="pre"><font><font>django.contrib.auth </font></font></span></tt></a><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>验证（）</font></font></span></tt></a><font><font>和
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.login" title="django.contrib.auth.login"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>登录（） </font></font></span></tt></a><font><font>。</font></font></p>
<dl class="function">
<dt id="django.contrib.auth.authenticate">
<tt class="descname"><font><font>验证</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>为了验证一个给定的用户名和密码，使用
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>验证（） </font></font></span></tt></a><font><font>。</font><font>这两个关键字参数，</font></font><tt class="docutils literal"><span class="pre"><font><font>用户名</font></font></span></tt><font><font>和</font></font><tt class="docutils literal"><span class="pre"><font><font>密码</font></font></span></tt><font><font>，</font><font>如果给定的用户名密码是有效的，</font><font>它返回
</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>一个</font></font></span></tt></a><font><font> User 对象。</font><font>如果密码是无效的，
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>验证（）</font></font></span></tt></a><font><font>返回</font></font><tt class="xref docutils literal"><span class="pre"><font><font>没有</font></font></span></tt><font><font>。</font><font>例如：</font></font></p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn"><font></font></span> <span class="nn"><font></font></span> <span class="kn"><font></font></span> <span class="n"><font></font></span>
<span class="n"><font></font></span> <span class="o"><font></font></span> <span class="n"><font></font></span><span class="p"><font></font></span><span class="n"><font></font></span><span class="o"><font></font></span><span class="s"><font></font></span><span class="p"><font></font></span> <span class="n"><font></font></span><span class="o"><font></font></span><span class="s"><font></font></span><span class="p"><font></font></span>
<span class="k"><font></font></span> <span class="n"><font></font></span> <span class="ow"><font></font></span> <span class="ow"><font></font></span> <span class="bp"><font></font></span><span class="p"><font></font></span>
    <span class="k"><font></font></span> <span class="n"><font></font></span><span class="o"><font></font></span><span class="n"><font></font></span><span class="p"><font></font></span>
        <span class="k"><font></font></span> <span class="s"><font><font>提供了正确的用户名和密码！“ </font></font></span>
    <span class="k"><font><font>其他</font></font></span><span class="p"><font><font>：</font></font></span>
        <span class="k"><font><font>打印</font></font></span> <span class="s"><font><font>“您的帐户已禁用”！</font></font></span>
<span class="k"><font><font>其他</font></font></span><span class="p"><font><font>：</font></font></span>
    <span class="k"><font><font>打印</font></font></span> <span class="s"><font><font>“您的用户名和密码是不正确的”。</font></font></span>
</pre></div>
</div>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.login">
<tt class="descname"><font><font>登录</font></font></tt><font><font>（）</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.login" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><p><font><font>登录用户在视图中，使用</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.login" title="django.contrib.auth.login"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>登录（） </font></font></span></tt></a><font><font>。</font><font>它需要</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>一个</font></font></span></tt></a><font><font> HttpRequest </font><font>对象和
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>对象。
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.login" title="django.contrib.auth.login"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>登录（）</font></font></span></tt></a><font><font>节省了用户的会话ID，使用Django的session框架，因此，如上所述，您需要确保安装会话中间件。</font></font></p>
<p><font><font>请注意，当用户登录匿名会议期间的数据将被保留</font></font></p>
<p><font><font>这个例子显示了如何使用都
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>验证（）</font></font></span></tt></a><font><font>和
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.login" title="django.contrib.auth.login"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>登录（） </font></font></span></tt></a><font><font>：</font></font></p>
<div class="highlight-python"><pre><font><font>从django.contrib.auth进口身份验证，登录</font></font><font></font>
<font></font><font><font>
DEF my_view（请求）：</font></font><font></font><font><font>
    用户名= request.POST ['用户名']</font></font><font></font><font><font>
    密码= request.POST ['密码']</font></font><font></font><font><font>
    用户验证（用户名=用户名，密码=密码）</font></font><font></font><font><font>
    如果用户是不是没有：</font></font><font></font><font><font>
        如果user.is_active：</font></font><font></font><font><font>
            登录（请求，用户）</font></font><font></font><font><font>
            ＃重定向到成功页面。</font></font><font></font><font><font>
        其他：</font></font><font></font><font><font>
            ＃返回“禁用帐户”错误消息</font></font><font></font><font><font>
    其他：</font></font><font></font><font><font>
        ＃返回一个“无效登录”的错误讯息。</font></font></pre>
</div>
</dd></dl>

<div class="admonition-calling-authenticate-first admonition ">
<p class="first admonition-title"><font><font>调用</font></font><tt class="docutils literal"><span class="pre"><font><font>验证（）</font></font></span></tt><font></font></p>
<p class="last"><font><font>当你手动记录一个用户，你</font></font><em><font><font>必须</font></font></em><font><font>调用
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>验证（）</font></font></span></tt></a><font><font>之前调用
 </font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.login" title="django.contrib.auth.login"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>登录（）</font></font></span></tt></a><font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre"><font><font>验证（）</font></font></span></tt></a><font><font> 
设置属性的</font></font><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre"><font><font>用户</font></font></span></tt></a><font><font>成功验证的认证后端用户（见
 </font></font><a class="reference external" href="https://docs.djangoproject.com/en/1.4/topics/auth/#other-authentication-sources"><font><font>后端的文件</font></font></a><font><font>详细信息），后来在登录过程中需要这些信息。</font></font></p>
</div>
</div>
<div class="section" id="s-manually-managing-a-user-s-password">
<span id="manually-managing-a-user-s-password"></span><h3><font><font>手动管理用户的密码</font></font><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#manually-managing-a-user-s-password" title="Permalink to this headline"><font><font>¶</font></font></a></h3>
<div class="versionadded">
<span class="title"><font><font>在Django 1.4：</font></font></span><font></font><tt class="xref py py-mod docutils literal"><span class="pre"><font><font>django.contrib.auth.hashers</font></font></span></tt><font><font>模块提供了一组函数来创建和验证哈希密码。</font><font>从</font></font><tt class="docutils literal"><span class="pre"><font><font>用户</font></font></span></tt><font><font>模式，</font><font>你可以用它们独立</font><font>。</font></font></div>
<dl class="function">
<dt id="django.contrib.auth.hashers.check_password">
<tt class="descname"><font><font>check_password</font></font></tt><font><font>（）</font></font><a class="headerlink" href="./Django   User authentication in Django   Django documentation111_files/Django   User authentication in Django   Django documentation111.htm" title="Permalink to this definition"><font><font>¶</font></font></a></dt>
<dd><div class="versionadded">
<span class="title"><font><font>在Django 1.4的新功能：</font></font></span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.4/"><em><font><font>请参阅发行说明</font></font></em></a></div>
<p><font><font class="">如果您想手动纯文本密码通过比较数据库中的哈希密码进行身份验证的用户，使用的方便功能</font></font>If you'd like to manually authenticate a user by comparing a plain-text
password to the hashed password in the database, use the convenience
function <a class="reference internal" href="./Django   User authentication in Django   Django documentation111_files/Django   User authentication in Django   Django documentation111.htm" title="django.contrib.auth.hashers.check_password"><tt class="xref py py-func docutils literal"><span class="pre"><font><font class="">django.contrib.auth.hashers.check_password（） </font></font>django.contrib.auth.hashers.check_password()</span></tt></a><font><font class="">。</font></font>. It takes two
arguments: the plain-text password to check, and the full value of a
user's <tt class="docutils literal"><span class="pre"><font></font>password</span></tt><font></font> field in the database to check against, and returns
<tt class="xref docutils literal"><span class="pre"><font></font>True</span></tt><font></font> if they match, <tt class="xref docutils literal"><span class="pre"><font></font>False</span></tt><font></font> otherwise.</p>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.hashers.make_password">
<tt class="descname">make_password</tt>()<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.hashers.make_password" title="Permalink to this definition">¶</a></dt>
<dd><div class="versionadded">
<span class="title">New in Django 1.4:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.4/"><em>Please see the release notes</em></a></div>
<p>Creates a hashed password in the format used by this application. It takes
two arguments: hashing algorithm to use and the password in plain-text.
Currently supported algorithms are: <tt class="docutils literal"><span class="pre">'sha1'</span></tt>, <tt class="docutils literal"><span class="pre">'md5'</span></tt> and <tt class="docutils literal"><span class="pre">'crypt'</span></tt>
if you have the <tt class="docutils literal"><span class="pre">crypt</span></tt> library installed. If the second argument is
<tt class="xref docutils literal"><span class="pre">None</span></tt>, an unusable password is returned (a one that will be never
accepted by <a class="reference internal" href="./Django   User authentication in Django   Django documentation111_files/Django   User authentication in Django   Django documentation111.htm" title="django.contrib.auth.hashers.check_password"><tt class="xref py py-func docutils literal"><span class="pre">django.contrib.auth.hashers.check_password()</span></tt></a>).</p>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.hashers.is_password_usable">
<tt class="descname">is_password_usable</tt>()<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.hashers.is_password_usable" title="Permalink to this definition">¶</a></dt>
<dd><div class="versionadded">
<span class="title">New in Django 1.4:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.4/"><em>Please see the release notes</em></a></div>
<p>Checks if the given string is a hashed password that has a chance
of being verified against <a class="reference internal" href="./Django   User authentication in Django   Django documentation111_files/Django   User authentication in Django   Django documentation111.htm" title="django.contrib.auth.hashers.check_password"><tt class="xref py py-func docutils literal"><span class="pre">django.contrib.auth.hashers.check_password()</span></tt></a>.</p>
</dd></dl>

</div>
<div class="section" id="s-how-to-log-a-user-out">
<span id="how-to-log-a-user-out"></span><h3>How to log a user out<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#how-to-log-a-user-out" title="Permalink to this headline">¶</a></h3>
<dl class="function">
<dt id="django.contrib.auth.logout">
<tt class="descname">logout</tt>()<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.logout" title="Permalink to this definition">¶</a></dt>
<dd><p>To log out a user who has been logged in via
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.login" title="django.contrib.auth.login"><tt class="xref py py-func docutils literal"><span class="pre">django.contrib.auth.login()</span></tt></a>, use
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.logout" title="django.contrib.auth.logout"><tt class="xref py py-func docutils literal"><span class="pre">django.contrib.auth.logout()</span></tt></a> within your view. It takes an
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre">HttpRequest</span></tt></a> object and has no return value.
Example:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth</span> <span class="kn">import</span> <span class="n">logout</span><font></font>
<font></font>
<span class="k">def</span> <span class="nf">logout_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="n">logout</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>
    <span class="c"># Redirect to a success page.</span>
</pre></div>
</div>
<p>Note that <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.logout" title="django.contrib.auth.logout"><tt class="xref py py-func docutils literal"><span class="pre">logout()</span></tt></a> doesn't throw any errors if
the user wasn't logged in.</p>
<p>When you call <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.logout" title="django.contrib.auth.logout"><tt class="xref py py-func docutils literal"><span class="pre">logout()</span></tt></a>, the session data for
the current request is completely cleaned out. All existing data is
removed. This is to prevent another person from using the same Web browser
to log in and have access to the previous user's session data. If you want
to put anything into the session that will be available to the user
immediately after logging out, do that <em>after</em> calling
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.logout" title="django.contrib.auth.logout"><tt class="xref py py-func docutils literal"><span class="pre">django.contrib.auth.logout()</span></tt></a>.</p>
</dd></dl>

</div>
<div class="section" id="s-login-and-logout-signals">
<span id="s-topics-auth-signals"></span><span id="login-and-logout-signals"></span><span id="topics-auth-signals"></span><h3>Login and logout signals<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#login-and-logout-signals" title="Permalink to this headline">¶</a></h3>
<div class="versionadded">
<span class="title">New in Django 1.3:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.3/"><em>Please see the release notes</em></a></div>
<p>The auth framework uses two <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/signals/"><em>signals</em></a> that can be used
for notification when a user logs in or out.</p>
<dl class="data">
<dt id="django.contrib.auth.django.contrib.auth.signals.user_logged_in">
<tt class="descclassname">django.contrib.auth.signals.</tt><tt class="descname">user_logged_in</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.django.contrib.auth.signals.user_logged_in" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<p>Sent when a user logs in successfully.</p>
<p>Arguments sent with this signal:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">sender</span></tt></dt>
<dd>As above: the class of the user that just logged in.</dd>
<dt><tt class="docutils literal"><span class="pre">request</span></tt></dt>
<dd>The current <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre">HttpRequest</span></tt></a> instance.</dd>
<dt><tt class="docutils literal"><span class="pre">user</span></tt></dt>
<dd>The user instance that just logged in.</dd>
</dl>
<dl class="data">
<dt id="django.contrib.auth.django.contrib.auth.signals.user_logged_out">
<tt class="descclassname">django.contrib.auth.signals.</tt><tt class="descname">user_logged_out</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.django.contrib.auth.signals.user_logged_out" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<p>Sent when the logout method is called.</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">sender</span></tt></dt>
<dd>As above: the class of the user that just logged out or <tt class="xref docutils literal"><span class="pre">None</span></tt>
if the user was not authenticated.</dd>
<dt><tt class="docutils literal"><span class="pre">request</span></tt></dt>
<dd>The current <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre">HttpRequest</span></tt></a> instance.</dd>
<dt><tt class="docutils literal"><span class="pre">user</span></tt></dt>
<dd>The user instance that just logged out or <tt class="xref docutils literal"><span class="pre">None</span></tt> if the
user was not authenticated.</dd>
</dl>
</div>
<div class="section" id="s-limiting-access-to-logged-in-users">
<span id="limiting-access-to-logged-in-users"></span><h3>Limiting access to logged-in users<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#limiting-access-to-logged-in-users" title="Permalink to this headline">¶</a></h3>
<div class="section" id="s-the-raw-way">
<span id="the-raw-way"></span><h4>The raw way<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#the-raw-way" title="Permalink to this headline">¶</a></h4>
<p>The simple, raw way to limit access to pages is to check
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><tt class="xref py py-meth docutils literal"><span class="pre">request.user.is_authenticated()</span></tt></a> and either redirect to a
login page:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.http</span> <span class="kn">import</span> <span class="n">HttpResponseRedirect</span><font></font>
<font></font>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="k">if</span> <span class="ow">not</span> <span class="n">request</span><span class="o">.</span><span class="n">user</span><span class="o">.</span><span class="n">is_authenticated</span><span class="p">():</span>
        <span class="k">return</span> <span class="n">HttpResponseRedirect</span><span class="p">(</span><span class="s">'/login/?next=</span><span class="si">%s</span><span class="s">'</span> <span class="o">%</span> <span class="n">request</span><span class="o">.</span><span class="n">path</span><span class="p">)</span>
    <span class="c"># ...</span>
</pre></div>
</div>
<p>...or display an error message:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="k">if</span> <span class="ow">not</span> <span class="n">request</span><span class="o">.</span><span class="n">user</span><span class="o">.</span><span class="n">is_authenticated</span><span class="p">():</span>
        <span class="k">return</span> <span class="n">render_to_response</span><span class="p">(</span><span class="s">'myapp/login_error.html'</span><span class="p">)</span>
    <span class="c"># ...</span>
</pre></div>
</div>
</div>
<div class="section" id="s-the-login-required-decorator">
<span id="the-login-required-decorator"></span><h4>The login_required decorator<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#the-login-required-decorator" title="Permalink to this headline">¶</a></h4>
<dl class="function">
<dt id="django.contrib.auth.decorators.login_required">
<tt class="descclassname">decorators.</tt><tt class="descname">login_required</tt>(<span class="optional">[</span><em>redirect_field_name=REDIRECT_FIELD_NAME</em>, <em>login_url=None</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.login_required" title="Permalink to this definition">¶</a></dt>
<dd><p>As a shortcut, you can use the convenient
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.login_required" title="django.contrib.auth.decorators.login_required"><tt class="xref py py-func docutils literal"><span class="pre">login_required()</span></tt></a> decorator:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">login_required</span><font></font>
<font></font>
<span class="nd">@login_required</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
<p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.login_required" title="django.contrib.auth.decorators.login_required"><tt class="xref py py-func docutils literal"><span class="pre">login_required()</span></tt></a> does the following:</p>
<ul class="simple">
<li>If the user isn't logged in, redirect to
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-LOGIN_URL"><tt class="xref std std-setting docutils literal"><span class="pre">settings.LOGIN_URL</span></tt></a>, passing the current absolute
path in the query string. Example: <tt class="docutils literal"><span class="pre">/accounts/login/?next=/polls/3/</span></tt>.</li>
<li>If the user is logged in, execute the view normally. The view code is
free to assume the user is logged in.</li>
</ul>
<p>By default, the path that the user should be redirected to upon
successful authentication is stored in a query string parameter called
<tt class="docutils literal"><span class="pre">"next"</span></tt>. If you would prefer to use a different name for this parameter,
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.login_required" title="django.contrib.auth.decorators.login_required"><tt class="xref py py-func docutils literal"><span class="pre">login_required()</span></tt></a> takes an
optional <tt class="docutils literal"><span class="pre">redirect_field_name</span></tt> parameter:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">login_required</span><font></font>
<font></font>
<span class="nd">@login_required</span><span class="p">(</span><span class="n">redirect_field_name</span><span class="o">=</span><span class="s">'my_redirect_field'</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>Note that if you provide a value to <tt class="docutils literal"><span class="pre">redirect_field_name</span></tt>, you will most
likely need to customize your login template as well, since the template
context variable which stores the redirect path will use the value of
<tt class="docutils literal"><span class="pre">redirect_field_name</span></tt> as its key rather than <tt class="docutils literal"><span class="pre">"next"</span></tt> (the default).</p>
<div class="versionadded">
<span class="title">New in Django 1.3:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.3/"><em>Please see the release notes</em></a></div>
<p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.login_required" title="django.contrib.auth.decorators.login_required"><tt class="xref py py-func docutils literal"><span class="pre">login_required()</span></tt></a> also takes an
optional <tt class="docutils literal"><span class="pre">login_url</span></tt> parameter. Example:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">login_required</span><font></font>
<font></font>
<span class="nd">@login_required</span><span class="p">(</span><span class="n">login_url</span><span class="o">=</span><span class="s">'/accounts/login/'</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>Note that if you don't specify the <tt class="docutils literal"><span class="pre">login_url</span></tt> parameter, you'll need to map
the appropriate Django view to <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-LOGIN_URL"><tt class="xref std std-setting docutils literal"><span class="pre">settings.LOGIN_URL</span></tt></a>. For
example, using the defaults, add the following line to your URLconf:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="p">(</span><span class="s">r'^accounts/login/$'</span><span class="p">,</span> <span class="s">'django.contrib.auth.views.login'</span><span class="p">),</span>
</pre></div>
</div>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.login">
<tt class="descclassname">views.</tt><tt class="descname">login</tt>(<em>request</em><span class="optional">[</span>, <em>template_name</em>, <em>redirect_field_name</em>, <em>authentication_form</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.login" title="Permalink to this definition">¶</a></dt>
<dd><p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">login</span></tt></p>
<p>See <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/http/urls/"><em>the URL documentation</em></a> for details on using
named URL patterns.</p>
<p>Here's what <tt class="docutils literal"><span class="pre">django.contrib.auth.views.login</span></tt> does:</p>
<ul class="simple">
<li>If called via <tt class="docutils literal"><span class="pre">GET</span></tt>, it displays a login form that POSTs to the
same URL. More on this in a bit.</li>
<li>If called via <tt class="docutils literal"><span class="pre">POST</span></tt>, it tries to log the user in. If login is
successful, the view redirects to the URL specified in <tt class="docutils literal"><span class="pre">next</span></tt>. If
<tt class="docutils literal"><span class="pre">next</span></tt> isn't provided, it redirects to
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-LOGIN_REDIRECT_URL"><tt class="xref std std-setting docutils literal"><span class="pre">settings.LOGIN_REDIRECT_URL</span></tt></a> (which
defaults to <tt class="docutils literal"><span class="pre">/accounts/profile/</span></tt>). If login isn't successful, it
redisplays the login form.</li>
</ul>
<p>It's your responsibility to provide the login form in a template called
<tt class="docutils literal"><span class="pre">registration/login.html</span></tt> by default. This template gets passed four
template context variables:</p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">form</span></tt>: A <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/forms/api/#django.forms.Form" title="django.forms.Form"><tt class="xref py py-class docutils literal"><span class="pre">Form</span></tt></a> object representing the login
form. See the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/forms/"><em>forms documentation</em></a> for
more on <tt class="docutils literal"><span class="pre">Form</span></tt> objects.</li>
<li><tt class="docutils literal"><span class="pre">next</span></tt>: The URL to redirect to after successful login. This may
contain a query string, too.</li>
<li><tt class="docutils literal"><span class="pre">site</span></tt>: The current <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/sites/#django.contrib.sites.models.Site" title="django.contrib.sites.models.Site"><tt class="xref py py-class docutils literal"><span class="pre">Site</span></tt></a>,
according to the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-SITE_ID"><tt class="xref std std-setting docutils literal"><span class="pre">SITE_ID</span></tt></a> setting. If you don't have the
site framework installed, this will be set to an instance of
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/sites/#django.contrib.sites.models.RequestSite" title="django.contrib.sites.models.RequestSite"><tt class="xref py py-class docutils literal"><span class="pre">RequestSite</span></tt></a>, which derives the
site name and domain from the current
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre">HttpRequest</span></tt></a>.</li>
<li><tt class="docutils literal"><span class="pre">site_name</span></tt>: An alias for <tt class="docutils literal"><span class="pre">site.name</span></tt>. If you don't have the site
framework installed, this will be set to the value of
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest.META" title="django.http.HttpRequest.META"><tt class="xref py py-attr docutils literal"><span class="pre">request.META['SERVER_NAME']</span></tt></a>.
For more on sites, see <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/sites/"><em>The "sites" framework</em></a>.</li>
</ul>
<p>If you'd prefer not to call the template <tt class="file docutils literal"><span class="pre">registration/login.html</span></tt>,
you can pass the <tt class="docutils literal"><span class="pre">template_name</span></tt> parameter via the extra arguments to
the view in your URLconf. For example, this URLconf line would use
<tt class="file docutils literal"><span class="pre">myapp/login.html</span></tt> instead:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="p">(</span><span class="s">r'^accounts/login/$'</span><span class="p">,</span> <span class="s">'django.contrib.auth.views.login'</span><span class="p">,</span> <span class="p">{</span><span class="s">'template_name'</span><span class="p">:</span> <span class="s">'myapp/login.html'</span><span class="p">}),</span>
</pre></div>
</div>
<p>You can also specify the name of the <tt class="docutils literal"><span class="pre">GET</span></tt> field which contains the URL
to redirect to after login by passing <tt class="docutils literal"><span class="pre">redirect_field_name</span></tt> to the view.
By default, the field is called <tt class="docutils literal"><span class="pre">next</span></tt>.</p>
<p>Here's a sample <tt class="file docutils literal"><span class="pre">registration/login.html</span></tt> template you can use as a
starting point. It assumes you have a <tt class="file docutils literal"><span class="pre">base.html</span></tt> template that
defines a <tt class="docutils literal"><span class="pre">content</span></tt> block:</p>
<div class="highlight-html+django"><div class="highlight"><pre><span class="cp">{%</span> <span class="k">extends</span> <span class="s2">"base.html"</span> <span class="cp">%}</span>
<span class="cp">{%</span> <span class="k">load</span> <span class="nv">url</span> <span class="nv">from</span> <span class="nv">future</span> <span class="cp">%}</span><font></font>
<font></font>
<span class="cp">{%</span> <span class="k">block</span> <span class="nv">content</span> <span class="cp">%}</span><font></font>
<font></font>
<span class="cp">{%</span> <span class="k">if</span> <span class="nv">form.errors</span> <span class="cp">%}</span>
<span class="nt">&lt;p&gt;</span>Your username and password didn't match. Please try again.<span class="nt">&lt;/p&gt;</span>
<span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span><font></font>
<font></font>
<span class="nt">&lt;form</span> <span class="na">method=</span><span class="s">"post"</span> <span class="na">action=</span><span class="s">"</span><span class="cp">{%</span> <span class="k">url</span> <span class="s1">'django.contrib.auth.views.login'</span> <span class="cp">%}</span><span class="s">"</span><span class="nt">&gt;</span>
<span class="cp">{%</span> <span class="k">csrf_token</span> <span class="cp">%}</span>
<span class="nt">&lt;table&gt;</span>
<span class="nt">&lt;tr&gt;</span>
    <span class="nt">&lt;td&gt;</span><span class="cp">{{</span> <span class="nv">form.username.label_tag</span> <span class="cp">}}</span><span class="nt">&lt;/td&gt;</span>
    <span class="nt">&lt;td&gt;</span><span class="cp">{{</span> <span class="nv">form.username</span> <span class="cp">}}</span><span class="nt">&lt;/td&gt;</span>
<span class="nt">&lt;/tr&gt;</span>
<span class="nt">&lt;tr&gt;</span>
    <span class="nt">&lt;td&gt;</span><span class="cp">{{</span> <span class="nv">form.password.label_tag</span> <span class="cp">}}</span><span class="nt">&lt;/td&gt;</span>
    <span class="nt">&lt;td&gt;</span><span class="cp">{{</span> <span class="nv">form.password</span> <span class="cp">}}</span><span class="nt">&lt;/td&gt;</span>
<span class="nt">&lt;/tr&gt;</span>
<span class="nt">&lt;/table&gt;</span><font></font>
<font></font>
<span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">value=</span><span class="s">"login"</span> <span class="nt">/&gt;</span>
<span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"next"</span> <span class="na">value=</span><span class="s">"</span><span class="cp">{{</span> <span class="nv">next</span> <span class="cp">}}</span><span class="s">"</span> <span class="nt">/&gt;</span>
<span class="nt">&lt;/form&gt;</span><font></font>
<font></font>
<span class="cp">{%</span> <span class="k">endblock</span> <span class="cp">%}</span>
</pre></div>
</div>
<div class="versionadded">
<span class="title">New in Django 1.2:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.2/"><em>Please see the release notes</em></a></div>
<p>If you are using alternate authentication (see
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authentication-backends"><em>Other authentication sources</em></a>) you can pass a custom authentication form
to the login view via the <tt class="docutils literal"><span class="pre">authentication_form</span></tt> parameter. This form must
accept a <tt class="docutils literal"><span class="pre">request</span></tt> keyword argument in its <tt class="docutils literal"><span class="pre">__init__</span></tt> method, and
provide a <tt class="docutils literal"><span class="pre">get_user</span></tt> method which returns the authenticated user object
(this method is only ever called after successful form validation).</p>
<div class="versionadded">
<span class="title">New in Django 1.4:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.4/"><em>Please see the release notes</em></a></div>
<p>The <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.login" title="django.contrib.auth.views.login"><tt class="xref py py-func docutils literal"><span class="pre">login()</span></tt></a> view and the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#other-built-in-views"><em>Other built-in views</em></a> now all
return a <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/template-response/#django.template.response.TemplateResponse" title="django.template.response.TemplateResponse"><tt class="xref py py-class docutils literal"><span class="pre">TemplateResponse</span></tt></a> instance,
which allows you to easily customize the response data before rendering.
For more details, see the
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/template-response/"><em>TemplateResponse documentation</em></a>.</p>
</dd></dl>

</div>
</div>
<div class="section" id="s-module-django.contrib.auth.views">
<span id="s-id2"></span><span id="s-other-built-in-views"></span><span id="module-django.contrib.auth.views"></span><span id="id2"></span><span id="other-built-in-views"></span><h3>Other built-in views<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth.views" title="Permalink to this headline">¶</a></h3>
<p>In addition to the <tt class="xref py py-func docutils literal"><span class="pre">login()</span></tt> view, the authentication system
includes a few other useful built-in views located in
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth.views" title="django.contrib.auth.views"><tt class="xref py py-mod docutils literal"><span class="pre">django.contrib.auth.views</span></tt></a>:</p>
<dl class="function">
<dt id="django.contrib.auth.views.logout">
<tt class="descname">logout</tt>(<em>request</em><span class="optional">[</span>, <em>next_page</em>, <em>template_name</em>, <em>redirect_field_name</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.logout" title="Permalink to this definition">¶</a></dt>
<dd><p>Logs a user out.</p>
<p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">logout</span></tt></p>
<p>See <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/http/urls/"><em>the URL documentation</em></a> for details on using
named URL patterns.</p>
<p><strong>Optional arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">next_page</span></tt>: The URL to redirect to after logout.</li>
<li><tt class="docutils literal"><span class="pre">template_name</span></tt>: The full name of a template to display after
logging the user out. Defaults to
<tt class="file docutils literal"><span class="pre">registration/logged_out.html</span></tt> if no argument is supplied.</li>
<li><tt class="docutils literal"><span class="pre">redirect_field_name</span></tt>: The name of a <tt class="docutils literal"><span class="pre">GET</span></tt> field containing the
URL to redirect to after log out. Overrides <tt class="docutils literal"><span class="pre">next_page</span></tt> if the given
<tt class="docutils literal"><span class="pre">GET</span></tt> parameter is passed.</li>
</ul>
<p><strong>Template context:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">title</span></tt>: The string "Logged out", localized.</li>
<li><tt class="docutils literal"><span class="pre">site</span></tt>: The current <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/sites/#django.contrib.sites.models.Site" title="django.contrib.sites.models.Site"><tt class="xref py py-class docutils literal"><span class="pre">Site</span></tt></a>,
according to the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-SITE_ID"><tt class="xref std std-setting docutils literal"><span class="pre">SITE_ID</span></tt></a> setting. If you don't have the
site framework installed, this will be set to an instance of
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/sites/#django.contrib.sites.models.RequestSite" title="django.contrib.sites.models.RequestSite"><tt class="xref py py-class docutils literal"><span class="pre">RequestSite</span></tt></a>, which derives the
site name and domain from the current
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre">HttpRequest</span></tt></a>.</li>
<li><tt class="docutils literal"><span class="pre">site_name</span></tt>: An alias for <tt class="docutils literal"><span class="pre">site.name</span></tt>. If you don't have the site
framework installed, this will be set to the value of
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest.META" title="django.http.HttpRequest.META"><tt class="xref py py-attr docutils literal"><span class="pre">request.META['SERVER_NAME']</span></tt></a>.
For more on sites, see <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/sites/"><em>The "sites" framework</em></a>.</li>
</ul>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.logout_then_login">
<tt class="descname">logout_then_login</tt>(<em>request</em><span class="optional">[</span>, <em>login_url</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.logout_then_login" title="Permalink to this definition">¶</a></dt>
<dd><p>Logs a user out, then redirects to the login page.</p>
<p><strong>URL name:</strong> No default URL provided</p>
<p><strong>Optional arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">login_url</span></tt>: The URL of the login page to redirect to.
Defaults to <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-LOGIN_URL"><tt class="xref std std-setting docutils literal"><span class="pre">settings.LOGIN_URL</span></tt></a> if not supplied.</li>
</ul>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.password_change">
<tt class="descname">password_change</tt>(<em>request</em><span class="optional">[</span>, <em>template_name</em>, <em>post_change_redirect</em>, <em>password_change_form</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_change" title="Permalink to this definition">¶</a></dt>
<dd><p>Allows a user to change their password.</p>
<p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">password_change</span></tt></p>
<p><strong>Optional arguments:</strong></p>
<ul>
<li><p class="first"><tt class="docutils literal"><span class="pre">template_name</span></tt>: The full name of a template to use for
displaying the password change form. Defaults to
<tt class="file docutils literal"><span class="pre">registration/password_change_form.html</span></tt> if not supplied.</p>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">post_change_redirect</span></tt>: The URL to redirect to after a successful
password change.</p>
<div class="versionadded">
<span class="title">New in Django 1.2:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.2/"><em>Please see the release notes</em></a></div>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">password_change_form</span></tt>: A custom "change password" form which must
accept a <tt class="docutils literal"><span class="pre">user</span></tt> keyword argument. The form is responsible for
actually changing the user's password. Defaults to
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.PasswordChangeForm" title="django.contrib.auth.forms.PasswordChangeForm"><tt class="xref py py-class docutils literal"><span class="pre">PasswordChangeForm</span></tt></a>.</p>
</li>
</ul>
<p><strong>Template context:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">form</span></tt>: The password change form (see <tt class="docutils literal"><span class="pre">password_change_form</span></tt> above).</li>
</ul>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.password_change_done">
<tt class="descname">password_change_done</tt>(<em>request</em><span class="optional">[</span>, <em>template_name</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_change_done" title="Permalink to this definition">¶</a></dt>
<dd><p>The page shown after a user has changed their password.</p>
<p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">password_change_done</span></tt></p>
<p><strong>Optional arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">template_name</span></tt>: The full name of a template to use.
Defaults to <tt class="file docutils literal"><span class="pre">registration/password_change_done.html</span></tt> if not
supplied.</li>
</ul>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.password_reset">
<tt class="descname">password_reset</tt>(<em>request</em><span class="optional">[</span>, <em>is_admin_site</em>, <em>template_name</em>, <em>email_template_name</em>, <em>password_reset_form</em>, <em>token_generator</em>, <em>post_reset_redirect</em>, <em>from_email</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_reset" title="Permalink to this definition">¶</a></dt>
<dd><p>Allows a user to reset their password by generating a one-time use link
that can be used to reset the password, and sending that link to the
user's registered email address.</p>
<div class="versionchanged">
<span class="title">Changed in Django 1.3:</span> The <tt class="docutils literal"><span class="pre">from_email</span></tt> argument was added.</div>
<div class="versionchanged">
<span class="title">Changed in Django 1.4:</span> Users flagged with an unusable password (see
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><tt class="xref py py-meth docutils literal"><span class="pre">set_unusable_password()</span></tt></a>
will not be able to request a password reset to prevent misuse
when using an external authentication source like LDAP.</div>
<p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">password_reset</span></tt></p>
<p><strong>Optional arguments:</strong></p>
<ul>
<li><p class="first"><tt class="docutils literal"><span class="pre">template_name</span></tt>: The full name of a template to use for
displaying the password reset form. Defaults to
<tt class="file docutils literal"><span class="pre">registration/password_reset_form.html</span></tt> if not supplied.</p>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">email_template_name</span></tt>: The full name of a template to use for
generating the email with the new password. Defaults to
<tt class="file docutils literal"><span class="pre">registration/password_reset_email.html</span></tt> if not supplied.</p>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">subject_template_name</span></tt>: The full name of a template to use for
the subject of the email with the new password. Defaults
to <tt class="file docutils literal"><span class="pre">registration/password_reset_subject.txt</span></tt> if not supplied.</p>
<div class="versionadded">
<span class="title">New in Django 1.4:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.4/"><em>Please see the release notes</em></a></div>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">password_reset_form</span></tt>: Form that will be used to set the password.
Defaults to <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.PasswordResetForm" title="django.contrib.auth.forms.PasswordResetForm"><tt class="xref py py-class docutils literal"><span class="pre">PasswordResetForm</span></tt></a>.</p>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">token_generator</span></tt>: Instance of the class to check the password. This
will default to <tt class="docutils literal"><span class="pre">default_token_generator</span></tt>, it's an instance of
<tt class="docutils literal"><span class="pre">django.contrib.auth.tokens.PasswordResetTokenGenerator</span></tt>.</p>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">post_reset_redirect</span></tt>: The URL to redirect to after a successful
password change.</p>
</li>
<li><p class="first"><tt class="docutils literal"><span class="pre">from_email</span></tt>: A valid email address. By default Django uses
the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-DEFAULT_FROM_EMAIL"><tt class="xref std std-setting docutils literal"><span class="pre">DEFAULT_FROM_EMAIL</span></tt></a>.</p>
</li>
</ul>
<p><strong>Template context:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">form</span></tt>: The form (see <tt class="docutils literal"><span class="pre">password_reset_form</span></tt> above) for resetting
the user's password.</li>
</ul>
<p><strong>Email template context:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">email</span></tt>: An alias for <tt class="docutils literal"><span class="pre">user.email</span></tt></li>
<li><tt class="docutils literal"><span class="pre">user</span></tt>: The current <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a>,
according to the <tt class="docutils literal"><span class="pre">email</span></tt> form field. Only active users are able to
reset their passwords (<tt class="docutils literal"><span class="pre">User.is_active</span> <span class="pre">is</span> <span class="pre">True</span></tt>).</li>
<li><tt class="docutils literal"><span class="pre">site_name</span></tt>: An alias for <tt class="docutils literal"><span class="pre">site.name</span></tt>. If you don't have the site
framework installed, this will be set to the value of
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest.META" title="django.http.HttpRequest.META"><tt class="xref py py-attr docutils literal"><span class="pre">request.META['SERVER_NAME']</span></tt></a>.
For more on sites, see <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/contrib/sites/"><em>The "sites" framework</em></a>.</li>
<li><tt class="docutils literal"><span class="pre">domain</span></tt>: An alias for <tt class="docutils literal"><span class="pre">site.domain</span></tt>. If you don't have the site
framework installed, this will be set to the value of
<tt class="docutils literal"><span class="pre">request.get_host()</span></tt>.</li>
<li><tt class="docutils literal"><span class="pre">protocol</span></tt>: http or https</li>
<li><tt class="docutils literal"><span class="pre">uid</span></tt>: The user's id encoded in base 36.</li>
<li><tt class="docutils literal"><span class="pre">token</span></tt>: Token to check that the password is valid.</li>
</ul>
<p>Sample <tt class="docutils literal"><span class="pre">registration/password_reset_email.html</span></tt> (email body template):</p>
<div class="highlight-html+django"><div class="highlight"><pre><span class="cp">{%</span> <span class="k">load</span> <span class="nv">url</span> <span class="nv">from</span> <span class="nv">future</span> <span class="cp">%}</span>
Someone asked for password reset for email <span class="cp">{{</span> <span class="nv">email</span> <span class="cp">}}</span>. Follow the link below:
<span class="cp">{{</span> <span class="nv">protocol</span><span class="cp">}}</span>://<span class="cp">{{</span> <span class="nv">site_name</span> <span class="cp">}}{%</span> <span class="k">url</span> <span class="s1">'auth_password_reset_confirm'</span> <span class="nv">uidb36</span><span class="o">=</span><span class="nv">uid</span> <span class="nv">token</span><span class="o">=</span><span class="nv">token</span> <span class="cp">%}</span>
</pre></div>
</div>
<p>The same template context is used for subject template. Subject must be
single line plain text string.</p>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.password_reset_done">
<tt class="descname">password_reset_done</tt>(<em>request</em><span class="optional">[</span>, <em>template_name</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_reset_done" title="Permalink to this definition">¶</a></dt>
<dd><p>The page shown after a user has been emailed a link to reset their
password. This view is called by default if the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_reset" title="django.contrib.auth.views.password_reset"><tt class="xref py py-func docutils literal"><span class="pre">password_reset()</span></tt></a> view
doesn't have an explicit <tt class="docutils literal"><span class="pre">post_reset_redirect</span></tt> URL set.</p>
<p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">password_reset_done</span></tt></p>
<p><strong>Optional arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">template_name</span></tt>: The full name of a template to use.
Defaults to <tt class="file docutils literal"><span class="pre">registration/password_reset_done.html</span></tt> if not
supplied.</li>
</ul>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.password_reset_confirm">
<tt class="descname">password_reset_confirm</tt>(<em>request</em><span class="optional">[</span>, <em>uidb36</em>, <em>token</em>, <em>template_name</em>, <em>token_generator</em>, <em>set_password_form</em>, <em>post_reset_redirect</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_reset_confirm" title="Permalink to this definition">¶</a></dt>
<dd><p>Presents a form for entering a new password.</p>
<p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">password_reset_confirm</span></tt></p>
<p><strong>Optional arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">uidb36</span></tt>: The user's id encoded in base 36. Defaults to <tt class="xref docutils literal"><span class="pre">None</span></tt>.</li>
<li><tt class="docutils literal"><span class="pre">token</span></tt>: Token to check that the password is valid. Defaults to
<tt class="xref docutils literal"><span class="pre">None</span></tt>.</li>
<li><tt class="docutils literal"><span class="pre">template_name</span></tt>: The full name of a template to display the confirm
password view. Default value is <tt class="file docutils literal"><span class="pre">registration/password_reset_confirm.html</span></tt>.</li>
<li><tt class="docutils literal"><span class="pre">token_generator</span></tt>: Instance of the class to check the password. This
will default to <tt class="docutils literal"><span class="pre">default_token_generator</span></tt>, it's an instance of
<tt class="docutils literal"><span class="pre">django.contrib.auth.tokens.PasswordResetTokenGenerator</span></tt>.</li>
<li><tt class="docutils literal"><span class="pre">set_password_form</span></tt>: Form that will be used to set the password.
Defaults to <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.SetPasswordForm" title="django.contrib.auth.forms.SetPasswordForm"><tt class="xref py py-class docutils literal"><span class="pre">SetPasswordForm</span></tt></a></li>
<li><tt class="docutils literal"><span class="pre">post_reset_redirect</span></tt>: URL to redirect after the password reset
done. Defaults to <tt class="xref docutils literal"><span class="pre">None</span></tt>.</li>
</ul>
<p><strong>Template context:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">form</span></tt>: The form (see <tt class="docutils literal"><span class="pre">set_password_form</span></tt> above) for setting the
new user's password.</li>
<li><tt class="docutils literal"><span class="pre">validlink</span></tt>: Boolean, True if the link (combination of uidb36 and
token) is valid or unused yet.</li>
</ul>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.views.password_reset_complete">
<tt class="descname">password_reset_complete</tt>(<em>request</em><span class="optional">[</span>, <em>template_name</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_reset_complete" title="Permalink to this definition">¶</a></dt>
<dd><p>Presents a view which informs the user that the password has been
successfully changed.</p>
<p><strong>URL name:</strong> <tt class="docutils literal"><span class="pre">password_reset_complete</span></tt></p>
<p><strong>Optional arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">template_name</span></tt>: The full name of a template to display the view.
Defaults to <tt class="file docutils literal"><span class="pre">registration/password_reset_complete.html</span></tt>.</li>
</ul>
</dd></dl>

</div>
<div class="section" id="s-helper-functions">
<span id="helper-functions"></span><h3>Helper functions<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#helper-functions" title="Permalink to this headline">¶</a></h3>
<dl class="function">
<dt id="django.contrib.auth.views.redirect_to_login">
<tt class="descname">redirect_to_login</tt>(<em>next</em><span class="optional">[</span>, <em>login_url</em>, <em>redirect_field_name</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.redirect_to_login" title="Permalink to this definition">¶</a></dt>
<dd><p>Redirects to the login page, and then back to another URL after a
successful login.</p>
<p><strong>Required arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">next</span></tt>: The URL to redirect to after a successful login.</li>
</ul>
<p><strong>Optional arguments:</strong></p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">login_url</span></tt>: The URL of the login page to redirect to.
Defaults to <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-LOGIN_URL"><tt class="xref std std-setting docutils literal"><span class="pre">settings.LOGIN_URL</span></tt></a> if not supplied.</li>
<li><tt class="docutils literal"><span class="pre">redirect_field_name</span></tt>: The name of a <tt class="docutils literal"><span class="pre">GET</span></tt> field containing the
URL to redirect to after log out. Overrides <tt class="docutils literal"><span class="pre">next</span></tt> if the given
<tt class="docutils literal"><span class="pre">GET</span></tt> parameter is passed.</li>
</ul>
</dd></dl>

</div>
<div class="section" id="s-module-django.contrib.auth.forms">
<span id="s-built-in-forms"></span><span id="module-django.contrib.auth.forms"></span><span id="built-in-forms"></span><h3>Built-in forms<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth.forms" title="Permalink to this headline">¶</a></h3>
<p>If you don't want to use the built-in views, but want the convenience of not
having to write forms for this functionality, the authentication system
provides several built-in forms located in <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth.forms" title="django.contrib.auth.forms"><tt class="xref py py-mod docutils literal"><span class="pre">django.contrib.auth.forms</span></tt></a>:</p>
<dl class="class">
<dt id="django.contrib.auth.forms.AdminPasswordChangeForm">
<em class="property">class </em><tt class="descname">AdminPasswordChangeForm</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.AdminPasswordChangeForm" title="Permalink to this definition">¶</a></dt>
<dd><p>A form used in the admin interface to change a user's password.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.forms.AuthenticationForm">
<em class="property">class </em><tt class="descname">AuthenticationForm</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.AuthenticationForm" title="Permalink to this definition">¶</a></dt>
<dd><p>A form for logging a user in.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.forms.PasswordChangeForm">
<em class="property">class </em><tt class="descname">PasswordChangeForm</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.PasswordChangeForm" title="Permalink to this definition">¶</a></dt>
<dd><p>A form for allowing a user to change their password.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.forms.PasswordResetForm">
<em class="property">class </em><tt class="descname">PasswordResetForm</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.PasswordResetForm" title="Permalink to this definition">¶</a></dt>
<dd><p>A form for generating and emailing a one-time use link to reset a
user's password.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.forms.SetPasswordForm">
<em class="property">class </em><tt class="descname">SetPasswordForm</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.SetPasswordForm" title="Permalink to this definition">¶</a></dt>
<dd><p>A form that lets a user change his/her password without entering the old
password.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.forms.UserChangeForm">
<em class="property">class </em><tt class="descname">UserChangeForm</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.UserChangeForm" title="Permalink to this definition">¶</a></dt>
<dd><p>A form used in the admin interface to change a user's information and
permissions.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.forms.UserCreationForm">
<em class="property">class </em><tt class="descname">UserCreationForm</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.forms.UserCreationForm" title="Permalink to this definition">¶</a></dt>
<dd><p>A form for creating a new user.</p>
</dd></dl>

</div>
<div class="section" id="s-limiting-access-to-logged-in-users-that-pass-a-test">
<span id="limiting-access-to-logged-in-users-that-pass-a-test"></span><h3>Limiting access to logged-in users that pass a test<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#limiting-access-to-logged-in-users-that-pass-a-test" title="Permalink to this headline">¶</a></h3>
<p>To limit access based on certain permissions or some other test, you'd do
essentially the same thing as described in the previous section.</p>
<p>The simple way is to run your test on <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/request-response/#django.http.HttpRequest.user" title="django.http.HttpRequest.user"><tt class="xref py py-attr docutils literal"><span class="pre">request.user</span></tt></a> in the view directly. For example, this view
checks to make sure the user is logged in and has the permission
<tt class="docutils literal"><span class="pre">polls.can_vote</span></tt>:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="k">if</span> <span class="ow">not</span> <span class="n">request</span><span class="o">.</span><span class="n">user</span><span class="o">.</span><span class="n">has_perm</span><span class="p">(</span><span class="s">'polls.can_vote'</span><span class="p">):</span>
        <span class="k">return</span> <span class="n">HttpResponse</span><span class="p">(</span><span class="s">"You can't vote in this poll."</span><span class="p">)</span>
    <span class="c"># ...</span>
</pre></div>
</div>
<dl class="function">
<dt id="django.contrib.auth.decorators.user_passes_test">
<tt class="descname">user_passes_test</tt>(<em>func</em><span class="optional">[</span>, <em>login_url=None</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.user_passes_test" title="Permalink to this definition">¶</a></dt>
<dd><p>As a shortcut, you can use the convenient <tt class="docutils literal"><span class="pre">user_passes_test</span></tt> decorator:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">user_passes_test</span>

<span class="nd">@user_passes_test</span><span class="p">(</span><span class="k">lambda</span> <span class="n">u</span><span class="p">:</span> <span class="n">u</span><span class="o">.</span><span class="n">has_perm</span><span class="p">(</span><span class="s">'polls.can_vote'</span><span class="p">))</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>We're using this particular test as a relatively simple example. However,
if you just want to test whether a permission is available to a user, you
can use the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.permission_required" title="django.contrib.auth.decorators.permission_required"><tt class="xref py py-func docutils literal"><span class="pre">permission_required()</span></tt></a>
decorator, described later in this document.</p>
<p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.user_passes_test" title="django.contrib.auth.decorators.user_passes_test"><tt class="xref py py-func docutils literal"><span class="pre">user_passes_test()</span></tt></a> takes a required
argument: a callable that takes a
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> object and returns <tt class="xref docutils literal"><span class="pre">True</span></tt> if
the user is allowed to view the page. Note that
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.user_passes_test" title="django.contrib.auth.decorators.user_passes_test"><tt class="xref py py-func docutils literal"><span class="pre">user_passes_test()</span></tt></a> does not
automatically check that the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> is
not anonymous.</p>
<p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.user_passes_test" title="django.contrib.auth.decorators.user_passes_test"><tt class="xref py py-func docutils literal"><span class="pre">user_passes_test()</span></tt></a> takes an
optional <tt class="docutils literal"><span class="pre">login_url</span></tt> argument, which lets you specify the URL for your
login page (<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-LOGIN_URL"><tt class="xref std std-setting docutils literal"><span class="pre">settings.LOGIN_URL</span></tt></a> by default).</p>
<p>For example:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">user_passes_test</span>

<span class="nd">@user_passes_test</span><span class="p">(</span><span class="k">lambda</span> <span class="n">u</span><span class="p">:</span> <span class="n">u</span><span class="o">.</span><span class="n">has_perm</span><span class="p">(</span><span class="s">'polls.can_vote'</span><span class="p">),</span> <span class="n">login_url</span><span class="o">=</span><span class="s">'/login/'</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
</dd></dl>

<div class="section" id="s-the-permission-required-decorator">
<span id="the-permission-required-decorator"></span><h4>The permission_required decorator<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#the-permission-required-decorator" title="Permalink to this headline">¶</a></h4>
<dl class="function">
<dt id="django.contrib.auth.decorators.permission_required">
<tt class="descname">permission_required</tt>(<span class="optional">[</span><em>login_url=None</em>, <em>raise_exception=False</em><span class="optional">]</span>)<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.permission_required" title="Permalink to this definition">¶</a></dt>
<dd><p>It's a relatively common task to check whether a user has a particular
permission. For that reason, Django provides a shortcut for that case: the
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.permission_required" title="django.contrib.auth.decorators.permission_required"><tt class="xref py py-func docutils literal"><span class="pre">permission_required()</span></tt></a> decorator.
Using this decorator, the earlier example can be written as:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">permission_required</span>

<span class="nd">@permission_required</span><span class="p">(</span><span class="s">'polls.can_vote'</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>As for the <tt class="xref py py-meth docutils literal"><span class="pre">User.has_perm()</span></tt> method, permission names take the form
<tt class="docutils literal"><span class="pre">"&lt;app</span> <span class="pre">label&gt;.&lt;permission</span> <span class="pre">codename&gt;"</span></tt> (i.e. <tt class="docutils literal"><span class="pre">polls.can_vote</span></tt> for a
permission on a model in the <tt class="docutils literal"><span class="pre">polls</span></tt> application).</p>
<p>Note that <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.decorators.permission_required" title="django.contrib.auth.decorators.permission_required"><tt class="xref py py-func docutils literal"><span class="pre">permission_required()</span></tt></a>
also takes an optional <tt class="docutils literal"><span class="pre">login_url</span></tt> parameter. Example:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">permission_required</span>

<span class="nd">@permission_required</span><span class="p">(</span><span class="s">'polls.can_vote'</span><span class="p">,</span> <span class="n">login_url</span><span class="o">=</span><span class="s">'/loginpage/'</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>As in the <tt class="xref py py-func docutils literal"><span class="pre">login_required()</span></tt> decorator, <tt class="docutils literal"><span class="pre">login_url</span></tt>
defaults to <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-LOGIN_URL"><tt class="xref std std-setting docutils literal"><span class="pre">settings.LOGIN_URL</span></tt></a>.</p>
<div class="versionchanged">
<span class="title">Changed in Django 1.4:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.4/"><em>Please see the release notes</em></a></div>
<p>Added <tt class="docutils literal"><span class="pre">raise_exception</span></tt> parameter. If given, the decorator will raise
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/exceptions/#django.core.exceptions.PermissionDenied" title="django.core.exceptions.PermissionDenied"><tt class="xref py py-exc docutils literal"><span class="pre">PermissionDenied</span></tt></a>, prompting
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/http/views/#http-forbidden-view"><em>the 403 (HTTP Forbidden) view</em></a> instead of
redirecting to the login page.</p>
</dd></dl>

</div>
</div>
<div class="section" id="s-limiting-access-to-generic-views">
<span id="limiting-access-to-generic-views"></span><h3>Limiting access to generic views<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#limiting-access-to-generic-views" title="Permalink to this headline">¶</a></h3>
<p>To limit access to a <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/class-based-views/"><em>class-based generic view</em></a>,
decorate the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/class-based-views/#django.views.generic.base.View.dispatch" title="django.views.generic.base.View.dispatch"><tt class="xref py py-meth docutils literal"><span class="pre">View.dispatch</span></tt></a>
method on the class. See <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/class-based-views/#id1"><em>Decorating the class</em></a> for details.</p>
<div class="section" id="s-function-based-generic-views">
<span id="function-based-generic-views"></span><h4>Function-based generic views<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#function-based-generic-views" title="Permalink to this headline">¶</a></h4>
<p>To limit access to a <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/generic-views/"><em>function-based generic view</em></a>,
write a thin wrapper around the view, and point your URLconf to your wrapper
instead of the generic view itself. For example:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.views.generic.date_based</span> <span class="kn">import</span> <span class="n">object_detail</span>

<span class="nd">@login_required</span>
<span class="k">def</span> <span class="nf">limited_object_detail</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span>
    <span class="k">return</span> <span class="n">object_detail</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span>
</pre></div>
</div>
</div>
</div>
</div>
<div class="section" id="s-permissions">
<span id="s-id3"></span><span id="permissions"></span><span id="id3"></span><h2>Permissions<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#permissions" title="Permalink to this headline">¶</a></h2>
<p>Django comes with a simple permissions system. It provides a way to assign
permissions to specific users and groups of users.</p>
<p>It's used by the Django admin site, but you're welcome to use it in your own
code.</p>
<p>The Django admin site uses permissions as follows:</p>
<ul class="simple">
<li>Access to view the "add" form and add an object is limited to users with
the "add" permission for that type of object.</li>
<li>Access to view the change list, view the "change" form and change an
object is limited to users with the "change" permission for that type of
object.</li>
<li>Access to delete an object is limited to users with the "delete"
permission for that type of object.</li>
</ul>
<p>Permissions are set globally per type of object, not per specific object
instance. For example, it's possible to say "Mary may change news stories," but
it's not currently possible to say "Mary may change news stories, but only the
ones she created herself" or "Mary may only change news stories that have a
certain status, publication date or ID." The latter functionality is something
Django developers are currently discussing.</p>
<div class="section" id="s-default-permissions">
<span id="default-permissions"></span><h3>Default permissions<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#default-permissions" title="Permalink to this headline">¶</a></h3>
<p>When <tt class="docutils literal"><span class="pre">django.contrib.auth</span></tt> is listed in your <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre">INSTALLED_APPS</span></tt></a>
setting, it will ensure that three default permissions -- add, change and
delete -- are created for each Django model defined in one of your installed
applications.</p>
<p>These permissions will be created when you run <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre">manage.py</span> <span class="pre">syncdb</span></tt></a>; the first time you run <tt class="docutils literal"><span class="pre">syncdb</span></tt> after adding
<tt class="docutils literal"><span class="pre">django.contrib.auth</span></tt> to <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre">INSTALLED_APPS</span></tt></a>, the default permissions
will be created for all previously-installed models, as well as for any new
models being installed at that time. Afterward, it will create default
permissions for new models each time you run <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre">manage.py</span> <span class="pre">syncdb</span></tt></a>.</p>
<p>Assuming you have an application with an
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/models/options/#django.db.models.Options.app_label" title="django.db.models.Options.app_label"><tt class="xref py py-attr docutils literal"><span class="pre">app_label</span></tt></a> <tt class="docutils literal"><span class="pre">foo</span></tt> and a model named <tt class="docutils literal"><span class="pre">Bar</span></tt>,
to test for basic permissions you should use:</p>
<ul class="simple">
<li>add: <tt class="docutils literal"><span class="pre">user.has_perm('foo.add_bar')</span></tt></li>
<li>change: <tt class="docutils literal"><span class="pre">user.has_perm('foo.change_bar')</span></tt></li>
<li>delete: <tt class="docutils literal"><span class="pre">user.has_perm('foo.delete_bar')</span></tt></li>
</ul>
</div>
<div class="section" id="s-custom-permissions">
<span id="s-id4"></span><span id="custom-permissions"></span><span id="id4"></span><h3>Custom permissions<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#custom-permissions" title="Permalink to this headline">¶</a></h3>
<p>To create custom permissions for a given model object, use the <tt class="docutils literal"><span class="pre">permissions</span></tt>
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/db/models/#meta-options"><em>model Meta attribute</em></a>.</p>
<p>This example Task model creates three custom permissions, i.e., actions users
can or cannot do with Task instances, specific to your application:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="k">class</span> <span class="nc">Task</span><span class="p">(</span><span class="n">models</span><span class="o">.</span><span class="n">Model</span><span class="p">):</span>
    <span class="o">...</span>
    <span class="k">class</span> <span class="nc">Meta</span><span class="p">:</span>
        <span class="n">permissions</span> <span class="o">=</span> <span class="p">(</span>
            <span class="p">(</span><span class="s">"view_task"</span><span class="p">,</span> <span class="s">"Can see available tasks"</span><span class="p">),</span>
            <span class="p">(</span><span class="s">"change_task_status"</span><span class="p">,</span> <span class="s">"Can change the status of tasks"</span><span class="p">),</span>
            <span class="p">(</span><span class="s">"close_task"</span><span class="p">,</span> <span class="s">"Can remove a task by setting its status as closed"</span><span class="p">),</span>
        <span class="p">)</span>
</pre></div>
</div>
<p>The only thing this does is create those extra permissions when you run
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/django-admin/#django-admin-syncdb"><tt class="xref std std-djadmin docutils literal"><span class="pre">manage.py</span> <span class="pre">syncdb</span></tt></a>. Your code is in charge of checking the
value of these permissions when an user is trying to access the functionality
provided by the application (viewing tasks, changing the status of tasks,
closing tasks.) Continuing the above example, the following checks if a user may
view tasks:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">user</span><span class="o">.</span><span class="n">has_perm</span><span class="p">(</span><span class="s">'app.view_task'</span><span class="p">)</span>
</pre></div>
</div>
</div>
<div class="section" id="s-id5">
<span id="id5"></span><h3>API reference<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id5" title="Permalink to this headline">¶</a></h3>
<dl class="class">
<dt id="django.contrib.auth.models.models.Permission">
<em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">Permission</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.models.Permission" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<div class="section" id="s-id6">
<span id="id6"></span><h4>Fields<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id6" title="Permalink to this headline">¶</a></h4>
<p><tt class="xref py py-class docutils literal"><span class="pre">Permission</span></tt> objects have the following
fields:</p>
<dl class="attribute">
<dt id="django.contrib.auth.models.Permission.name">
<tt class="descclassname">Permission.</tt><tt class="descname">name</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.Permission.name" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. 50 characters or fewer. Example: <tt class="docutils literal"><span class="pre">'Can</span> <span class="pre">vote'</span></tt>.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.Permission.content_type">
<tt class="descclassname">Permission.</tt><tt class="descname">content_type</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.Permission.content_type" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. A reference to the <tt class="docutils literal"><span class="pre">django_content_type</span></tt> database table, which
contains a record for each installed Django model.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.Permission.codename">
<tt class="descclassname">Permission.</tt><tt class="descname">codename</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.Permission.codename" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. 100 characters or fewer. Example: <tt class="docutils literal"><span class="pre">'can_vote'</span></tt>.</p>
</dd></dl>

</div>
<div class="section" id="s-id7">
<span id="id7"></span><h4>Methods<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id7" title="Permalink to this headline">¶</a></h4>
<p><tt class="xref py py-class docutils literal"><span class="pre">Permission</span></tt> objects have the standard
data-access methods like any other <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/models/instances/"><em>Django model</em></a>.</p>
</div>
</div>
<div class="section" id="s-programmatically-creating-permissions">
<span id="programmatically-creating-permissions"></span><h3>Programmatically creating permissions<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#programmatically-creating-permissions" title="Permalink to this headline">¶</a></h3>
<p>While custom permissions can be defined within a model's <tt class="docutils literal"><span class="pre">Meta</span></tt> class, you
can also create permissions directly. For example, you can create the
<tt class="docutils literal"><span class="pre">can_publish</span></tt> permission for a <tt class="docutils literal"><span class="pre">BlogPost</span></tt> model in <tt class="docutils literal"><span class="pre">myapp</span></tt>:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.auth.models</span> <span class="kn">import</span> <span class="n">Group</span><span class="p">,</span> <span class="n">Permission</span>
<span class="kn">from</span> <span class="nn">django.contrib.contenttypes.models</span> <span class="kn">import</span> <span class="n">ContentType</span>

<span class="n">content_type</span> <span class="o">=</span> <span class="n">ContentType</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">app_label</span><span class="o">=</span><span class="s">'myapp'</span><span class="p">,</span> <span class="n">model</span><span class="o">=</span><span class="s">'BlogPost'</span><span class="p">)</span>
<span class="n">permission</span> <span class="o">=</span> <span class="n">Permission</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">create</span><span class="p">(</span><span class="n">codename</span><span class="o">=</span><span class="s">'can_publish'</span><span class="p">,</span>
                                       <span class="n">name</span><span class="o">=</span><span class="s">'Can Publish Posts'</span><span class="p">,</span>
                                       <span class="n">content_type</span><span class="o">=</span><span class="n">content_type</span><span class="p">)</span>
</pre></div>
</div>
<p>The permission can then be assigned to a
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> via its <tt class="docutils literal"><span class="pre">user_permissions</span></tt>
attribute or to a <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.Group" title="django.contrib.auth.models.Group"><tt class="xref py py-class docutils literal"><span class="pre">Group</span></tt></a> via its
<tt class="docutils literal"><span class="pre">permissions</span></tt> attribute.</p>
</div>
</div>
<div class="section" id="s-authentication-data-in-templates">
<span id="authentication-data-in-templates"></span><h2>Authentication data in templates<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authentication-data-in-templates" title="Permalink to this headline">¶</a></h2>
<p>The currently logged-in user and his/her permissions are made available in the
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/templates/api/"><em>template context</em></a> when you use
<tt class="xref py py-class docutils literal"><span class="pre">RequestContext</span></tt>.</p>
<div class="admonition-technicality admonition ">
<p class="first admonition-title">Technicality</p>
<p class="last">Technically, these variables are only made available in the template context
if you use <tt class="xref py py-class docutils literal"><span class="pre">RequestContext</span></tt> <em>and</em> your
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-TEMPLATE_CONTEXT_PROCESSORS"><tt class="xref std std-setting docutils literal"><span class="pre">TEMPLATE_CONTEXT_PROCESSORS</span></tt></a> setting contains
<tt class="docutils literal"><span class="pre">"django.contrib.auth.context_processors.auth"</span></tt>, which is default. For
more, see the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/templates/api/#subclassing-context-requestcontext"><em>RequestContext docs</em></a>.</p>
</div>
<div class="section" id="s-id8">
<span id="id8"></span><h3>Users<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id8" title="Permalink to this headline">¶</a></h3>
<p>When rendering a template <tt class="xref py py-class docutils literal"><span class="pre">RequestContext</span></tt>, the
currently logged-in user, either a  <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a>
instance or an <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre">AnonymousUser</span></tt></a> instance, is
stored in the template variable <tt class="docutils literal"><span class="pre">{{</span> <span class="pre">user</span> <span class="pre">}}</span></tt>:</p>
<div class="highlight-html+django"><div class="highlight"><pre><span class="cp">{%</span> <span class="k">if</span> <span class="nv">user.is_authenticated</span> <span class="cp">%}</span>
    <span class="nt">&lt;p&gt;</span>Welcome, <span class="cp">{{</span> <span class="nv">user.username</span> <span class="cp">}}</span>. Thanks for logging in.<span class="nt">&lt;/p&gt;</span>
<span class="cp">{%</span> <span class="k">else</span> <span class="cp">%}</span>
    <span class="nt">&lt;p&gt;</span>Welcome, new user. Please log in.<span class="nt">&lt;/p&gt;</span>
<span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span>
</pre></div>
</div>
<p>This template context variable is not available if a <tt class="docutils literal"><span class="pre">RequestContext</span></tt> is not
being used.</p>
</div>
<div class="section" id="s-id9">
<span id="id9"></span><h3>Permissions<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id9" title="Permalink to this headline">¶</a></h3>
<p>The currently logged-in user's permissions are stored in the template variable
<tt class="docutils literal"><span class="pre">{{</span> <span class="pre">perms</span> <span class="pre">}}</span></tt>. This is an instance of
<tt class="xref py py-class docutils literal"><span class="pre">django.contrib.auth.context_processors.PermWrapper</span></tt>, which is a
template-friendly proxy of permissions.</p>
<div class="versionchanged">
<span class="title">Changed in Django 1.3:</span> Prior to version 1.3, <tt class="docutils literal"><span class="pre">PermWrapper</span></tt> was located in
<tt class="docutils literal"><span class="pre">django.contrib.auth.context_processors</span></tt>.</div>
<p>In the <tt class="docutils literal"><span class="pre">{{</span> <span class="pre">perms</span> <span class="pre">}}</span></tt> object, single-attribute lookup is a proxy to
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_module_perms" title="django.contrib.auth.models.User.has_module_perms"><tt class="xref py py-meth docutils literal"><span class="pre">User.has_module_perms</span></tt></a>.
This example would display <tt class="xref docutils literal"><span class="pre">True</span></tt> if the logged-in user had any permissions
in the <tt class="docutils literal"><span class="pre">foo</span></tt> app:</p>
<div class="highlight-python"><pre>{{ perms.foo }}</pre>
</div>
<p>Two-level-attribute lookup is a proxy to
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_perm" title="django.contrib.auth.models.User.has_perm"><tt class="xref py py-meth docutils literal"><span class="pre">User.has_perm</span></tt></a>. This example
would display <tt class="xref docutils literal"><span class="pre">True</span></tt> if the logged-in user had the permission
<tt class="docutils literal"><span class="pre">foo.can_vote</span></tt>:</p>
<div class="highlight-python"><pre>{{ perms.foo.can_vote }}</pre>
</div>
<p>Thus, you can check permissions in template <tt class="docutils literal"><span class="pre">{%</span> <span class="pre">if</span> <span class="pre">%}</span></tt> statements:</p>
<div class="highlight-html+django"><div class="highlight"><pre><span class="cp">{%</span> <span class="k">if</span> <span class="nv">perms.foo</span> <span class="cp">%}</span>
    <span class="nt">&lt;p&gt;</span>You have permission to do something in the foo app.<span class="nt">&lt;/p&gt;</span>
    <span class="cp">{%</span> <span class="k">if</span> <span class="nv">perms.foo.can_vote</span> <span class="cp">%}</span>
        <span class="nt">&lt;p&gt;</span>You can vote!<span class="nt">&lt;/p&gt;</span>
    <span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span>
    <span class="cp">{%</span> <span class="k">if</span> <span class="nv">perms.foo.can_drive</span> <span class="cp">%}</span>
        <span class="nt">&lt;p&gt;</span>You can drive!<span class="nt">&lt;/p&gt;</span>
    <span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span>
<span class="cp">{%</span> <span class="k">else</span> <span class="cp">%}</span>
    <span class="nt">&lt;p&gt;</span>You don't have permission to do anything in the foo app.<span class="nt">&lt;/p&gt;</span>
<span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="s-groups">
<span id="groups"></span><h2>Groups<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#groups" title="Permalink to this headline">¶</a></h2>
<p>Groups are a generic way of categorizing users so you can apply permissions, or
some other label, to those users. A user can belong to any number of groups.</p>
<p>A user in a group automatically has the permissions granted to that group. For
example, if the group <tt class="docutils literal"><span class="pre">Site</span> <span class="pre">editors</span></tt> has the permission
<tt class="docutils literal"><span class="pre">can_edit_home_page</span></tt>, any user in that group will have that permission.</p>
<p>Beyond permissions, groups are a convenient way to categorize users to give
them some label, or extended functionality. For example, you could create a
group <tt class="docutils literal"><span class="pre">'Special</span> <span class="pre">users'</span></tt>, and you could write code that could, say, give them
access to a members-only portion of your site, or send them members-only email
messages.</p>
<div class="section" id="s-id10">
<span id="id10"></span><h3>API reference<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id10" title="Permalink to this headline">¶</a></h3>
<dl class="class">
<dt id="django.contrib.auth.models.Group">
<em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">Group</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.Group" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<div class="section" id="s-id11">
<span id="id11"></span><h4>Fields<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id11" title="Permalink to this headline">¶</a></h4>
<p><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.Group" title="django.contrib.auth.models.Group"><tt class="xref py py-class docutils literal"><span class="pre">Group</span></tt></a> objects have the following fields:</p>
<dl class="attribute">
<dt id="django.contrib.auth.Group.name">
<tt class="descclassname">Group.</tt><tt class="descname">name</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.Group.name" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. 80 characters or fewer. Any characters are permitted. Example:
<tt class="docutils literal"><span class="pre">'Awesome</span> <span class="pre">Users'</span></tt>.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.Group.permissions">
<tt class="descclassname">Group.</tt><tt class="descname">permissions</tt><a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.Group.permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Many-to-many field to <tt class="xref py py-class docutils literal"><span class="pre">Permissions</span></tt>:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">group</span><span class="o">.</span><span class="n">permissions</span> <span class="o">=</span> <span class="p">[</span><span class="n">permission_list</span><span class="p">]</span>
<span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">clear</span><span class="p">()</span>
</pre></div>
</div>
</dd></dl>

</div>
</div>
</div>
<div class="section" id="s-other-authentication-sources">
<span id="s-authentication-backends"></span><span id="other-authentication-sources"></span><span id="authentication-backends"></span><h2>Other authentication sources<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#other-authentication-sources" title="Permalink to this headline">¶</a></h2>
<p>The authentication that comes with Django is good enough for most common cases,
but you may have the need to hook into another authentication source -- that
is, another source of usernames and passwords or authentication methods.</p>
<p>For example, your company may already have an LDAP setup that stores a username
and password for every employee. It'd be a hassle for both the network
administrator and the users themselves if users had separate accounts in LDAP
and the Django-based applications.</p>
<p>So, to handle situations like this, the Django authentication system lets you
plug in other authentication sources. You can override Django's default
database-based scheme, or you can use the default system in tandem with other
systems.</p>
<p>See the <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/authbackends/"><em>authentication backend reference</em></a>
for information on the authentication backends included with Django.</p>
<div class="section" id="s-specifying-authentication-backends">
<span id="specifying-authentication-backends"></span><h3>Specifying authentication backends<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#specifying-authentication-backends" title="Permalink to this headline">¶</a></h3>
<p>Behind the scenes, Django maintains a list of "authentication backends" that it
checks for authentication. When somebody calls
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre">django.contrib.auth.authenticate()</span></tt></a> -- as described in <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#how-to-log-a-user-in"><em>How to log
a user in</em></a> above -- Django tries authenticating across
all of its authentication backends. If the first authentication method fails,
Django tries the second one, and so on, until all backends have been attempted.</p>
<p>The list of authentication backends to use is specified in the
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-AUTHENTICATION_BACKENDS"><tt class="xref std std-setting docutils literal"><span class="pre">AUTHENTICATION_BACKENDS</span></tt></a> setting. This should be a tuple of Python
path names that point to Python classes that know how to authenticate. These
classes can be anywhere on your Python path.</p>
<p>By default, <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-AUTHENTICATION_BACKENDS"><tt class="xref std std-setting docutils literal"><span class="pre">AUTHENTICATION_BACKENDS</span></tt></a> is set to:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="p">(</span><span class="s">'django.contrib.auth.backends.ModelBackend'</span><span class="p">,)</span>
</pre></div>
</div>
<p>That's the basic authentication scheme that checks the Django users database.</p>
<p>The order of <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-AUTHENTICATION_BACKENDS"><tt class="xref std std-setting docutils literal"><span class="pre">AUTHENTICATION_BACKENDS</span></tt></a> matters, so if the same
username and password is valid in multiple backends, Django will stop
processing at the first positive match.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Once a user has authenticated, Django stores which backend was used to
authenticate the user in the user's session, and re-uses the same backend
for the duration of that session whenever access to the currently
authenticated user is needed. This effectively means that authentication
sources are cached on a per-session basis, so if you change
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-AUTHENTICATION_BACKENDS"><tt class="xref std std-setting docutils literal"><span class="pre">AUTHENTICATION_BACKENDS</span></tt></a>, you'll need to clear out session data if
you need to force users to re-authenticate using different methods. A simple
way to do that is simply to execute <tt class="docutils literal"><span class="pre">Session.objects.all().delete()</span></tt>.</p>
</div>
</div>
<div class="section" id="s-writing-an-authentication-backend">
<span id="writing-an-authentication-backend"></span><h3>Writing an authentication backend<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#writing-an-authentication-backend" title="Permalink to this headline">¶</a></h3>
<p>An authentication backend is a class that implements two methods:
<tt class="docutils literal"><span class="pre">get_user(user_id)</span></tt> and <tt class="docutils literal"><span class="pre">authenticate(**credentials)</span></tt>.</p>
<p>The <tt class="docutils literal"><span class="pre">get_user</span></tt> method takes a <tt class="docutils literal"><span class="pre">user_id</span></tt> -- which could be a username,
database ID or whatever -- and returns a <tt class="docutils literal"><span class="pre">User</span></tt> object.</p>
<p>The <tt class="docutils literal"><span class="pre">authenticate</span></tt> method takes credentials as keyword arguments. Most of
the time, it'll just look like this:</p>
<div class="highlight-python"><pre>class MyBackend(object):
    def authenticate(self, username=None, password=None):
        # Check the username/password and return a User.</pre>
</div>
<p>But it could also authenticate a token, like so:</p>
<div class="highlight-python"><pre>class MyBackend(object):
    def authenticate(self, token=None):
        # Check the token and return a User.</pre>
</div>
<p>Either way, <tt class="docutils literal"><span class="pre">authenticate</span></tt> should check the credentials it gets, and it
should return a <tt class="docutils literal"><span class="pre">User</span></tt> object that matches those credentials, if the
credentials are valid. If they're not valid, it should return <tt class="xref docutils literal"><span class="pre">None</span></tt>.</p>
<p>The Django admin system is tightly coupled to the Django <tt class="docutils literal"><span class="pre">User</span></tt> object
described at the beginning of this document. For now, the best way to deal with
this is to create a Django <tt class="docutils literal"><span class="pre">User</span></tt> object for each user that exists for your
backend (e.g., in your LDAP directory, your external SQL database, etc.) You
can either write a script to do this in advance, or your <tt class="docutils literal"><span class="pre">authenticate</span></tt>
method can do it the first time a user logs in.</p>
<p>Here's an example backend that authenticates against a username and password
variable defined in your <tt class="docutils literal"><span class="pre">settings.py</span></tt> file and creates a Django <tt class="docutils literal"><span class="pre">User</span></tt>
object the first time a user authenticates:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.conf</span> <span class="kn">import</span> <span class="n">settings</span>
<span class="kn">from</span> <span class="nn">django.contrib.auth.models</span> <span class="kn">import</span> <span class="n">User</span><span class="p">,</span> <span class="n">check_password</span>

<span class="k">class</span> <span class="nc">SettingsBackend</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span>
    <span class="sd">"""</span>
<span class="sd">    Authenticate against the settings ADMIN_LOGIN and ADMIN_PASSWORD.</span>

<span class="sd">    Use the login name, and a hash of the password. For example:</span>

<span class="sd">    ADMIN_LOGIN = 'admin'</span>
<span class="sd">    ADMIN_PASSWORD = 'sha1$4e987$afbcf42e21bd417fb71db8c66b321e9fc33051de'</span>
<span class="sd">    """</span>

    <span class="n">supports_inactive_user</span> <span class="o">=</span> <span class="bp">False</span>

    <span class="k">def</span> <span class="nf">authenticate</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">username</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="n">login_valid</span> <span class="o">=</span> <span class="p">(</span><span class="n">settings</span><span class="o">.</span><span class="n">ADMIN_LOGIN</span> <span class="o">==</span> <span class="n">username</span><span class="p">)</span>
        <span class="n">pwd_valid</span> <span class="o">=</span> <span class="n">check_password</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">settings</span><span class="o">.</span><span class="n">ADMIN_PASSWORD</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">login_valid</span> <span class="ow">and</span> <span class="n">pwd_valid</span><span class="p">:</span>
            <span class="k">try</span><span class="p">:</span>
                <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">username</span><span class="o">=</span><span class="n">username</span><span class="p">)</span>
            <span class="k">except</span> <span class="n">User</span><span class="o">.</span><span class="n">DoesNotExist</span><span class="p">:</span>
                <span class="c"># Create a new user. Note that we can set password</span>
                <span class="c"># to anything, because it won't be checked; the password</span>
                <span class="c"># from settings.py will.</span>
                <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">(</span><span class="n">username</span><span class="o">=</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="s">'get from settings.py'</span><span class="p">)</span>
                <span class="n">user</span><span class="o">.</span><span class="n">is_staff</span> <span class="o">=</span> <span class="bp">True</span>
                <span class="n">user</span><span class="o">.</span><span class="n">is_superuser</span> <span class="o">=</span> <span class="bp">True</span>
                <span class="n">user</span><span class="o">.</span><span class="n">save</span><span class="p">()</span>
            <span class="k">return</span> <span class="n">user</span>
        <span class="k">return</span> <span class="bp">None</span>

    <span class="k">def</span> <span class="nf">get_user</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span>
        <span class="k">try</span><span class="p">:</span>
            <span class="k">return</span> <span class="n">User</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">pk</span><span class="o">=</span><span class="n">user_id</span><span class="p">)</span>
        <span class="k">except</span> <span class="n">User</span><span class="o">.</span><span class="n">DoesNotExist</span><span class="p">:</span>
            <span class="k">return</span> <span class="bp">None</span>
</pre></div>
</div>
</div>
<div class="section" id="s-handling-authorization-in-custom-backends">
<span id="handling-authorization-in-custom-backends"></span><h3>Handling authorization in custom backends<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#handling-authorization-in-custom-backends" title="Permalink to this headline">¶</a></h3>
<p>Custom auth backends can provide their own permissions.</p>
<p>The user model will delegate permission lookup functions
(<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_group_permissions" title="django.contrib.auth.models.User.get_group_permissions"><tt class="xref py py-meth docutils literal"><span class="pre">get_group_permissions()</span></tt></a>,
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.get_all_permissions" title="django.contrib.auth.models.User.get_all_permissions"><tt class="xref py py-meth docutils literal"><span class="pre">get_all_permissions()</span></tt></a>,
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_perm" title="django.contrib.auth.models.User.has_perm"><tt class="xref py py-meth docutils literal"><span class="pre">has_perm()</span></tt></a>, and
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User.has_module_perms" title="django.contrib.auth.models.User.has_module_perms"><tt class="xref py py-meth docutils literal"><span class="pre">has_module_perms()</span></tt></a>) to any
authentication backend that implements these functions.</p>
<p>The permissions given to the user will be the superset of all permissions
returned by all backends. That is, Django grants a permission to a user that
any one backend grants.</p>
<p>The simple backend above could implement permissions for the magic admin
fairly simply:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="k">class</span> <span class="nc">SettingsBackend</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span>

    <span class="c"># ...</span>

    <span class="k">def</span> <span class="nf">has_perm</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">user_obj</span><span class="p">,</span> <span class="n">perm</span><span class="p">,</span> <span class="n">obj</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="k">if</span> <span class="n">user_obj</span><span class="o">.</span><span class="n">username</span> <span class="o">==</span> <span class="n">settings</span><span class="o">.</span><span class="n">ADMIN_LOGIN</span><span class="p">:</span>
            <span class="k">return</span> <span class="bp">True</span>
        <span class="k">else</span><span class="p">:</span>
            <span class="k">return</span> <span class="bp">False</span>
</pre></div>
</div>
<p>This gives full permissions to the user granted access in the above example.
Notice that the backend auth functions all take the user object as an argument,
and they also accept the same arguments given to the associated
<a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">django.contrib.auth.models.User</span></tt></a> functions.</p>
<p>A full authorization implementation can be found in
<a class="reference external" href="https://code.djangoproject.com/browser/django/trunk/django/contrib/auth/backends.py">django/contrib/auth/backends.py</a>, which is the default backend and queries
the <tt class="docutils literal"><span class="pre">auth_permission</span></tt> table most of the time.</p>
<div class="section" id="s-authorization-for-anonymous-users">
<span id="s-anonymous-auth"></span><span id="authorization-for-anonymous-users"></span><span id="anonymous-auth"></span><h4>Authorization for anonymous users<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authorization-for-anonymous-users" title="Permalink to this headline">¶</a></h4>
<div class="versionchanged">
<span class="title">Changed in Django 1.2:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.2/"><em>Please see the release notes</em></a></div>
<p>An anonymous user is one that is not authenticated i.e. they have provided no
valid authentication details. However, that does not necessarily mean they are
not authorized to do anything. At the most basic level, most Web sites
authorize anonymous users to browse most of the site, and many allow anonymous
posting of comments etc.</p>
<p>Django's permission framework does not have a place to store permissions for
anonymous users. However, it has a foundation that allows custom authentication
backends to specify authorization for anonymous users. This is especially useful
for the authors of re-usable apps, who can delegate all questions of authorization
to the auth backend, rather than needing settings, for example, to control
anonymous access.</p>
</div>
<div class="section" id="s-authorization-for-inactive-users">
<span id="authorization-for-inactive-users"></span><h4>Authorization for inactive users<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authorization-for-inactive-users" title="Permalink to this headline">¶</a></h4>
<div class="versionadded">
<span class="title">New in Django 1.3:</span> <a class="reference internal" href="https://docs.djangoproject.com/en/1.4/releases/1.3/"><em>Please see the release notes</em></a></div>
<p>An inactive user is a one that is authenticated but has its attribute
<tt class="docutils literal"><span class="pre">is_active</span></tt> set to <tt class="xref docutils literal"><span class="pre">False</span></tt>. However this does not mean they are not
authorized to do anything. For example they are allowed to activate their
account.</p>
<p>The support for anonymous users in the permission system allows for
anonymous users to have permissions to do something while inactive
authenticated users do not.</p>
<p>To enable this on your own backend, you must set the class attribute
<tt class="docutils literal"><span class="pre">supports_inactive_user</span></tt> to <tt class="xref docutils literal"><span class="pre">True</span></tt>.</p>
<p>A nonexisting <tt class="docutils literal"><span class="pre">supports_inactive_user</span></tt> attribute will raise a
<tt class="docutils literal"><span class="pre">PendingDeprecationWarning</span></tt> if used in Django 1.3. In Django 1.4, this
warning will be updated to a <tt class="docutils literal"><span class="pre">DeprecationWarning</span></tt> which will be displayed
loudly. Additionally <tt class="docutils literal"><span class="pre">supports_inactive_user</span></tt> will be set to <tt class="xref docutils literal"><span class="pre">False</span></tt>.
Django 1.5 will assume that every backend supports inactive users being
passed to the authorization methods.</p>
</div>
</div>
<div class="section" id="s-handling-object-permissions">
<span id="handling-object-permissions"></span><h3>Handling object permissions<a class="headerlink" href="https://docs.djangoproject.com/en/1.4/topics/auth/#handling-object-permissions" title="Permalink to this headline">¶</a></h3>
<p>Django's permission framework has a foundation for object permissions, though
there is no implementation for it in the core. That means that checking for
object permissions will always return <tt class="xref docutils literal"><span class="pre">False</span></tt> or an empty list (depending on
the check performed).</p>
</div>
</div>
</div>



<div id="content-secondary">
  <h2 id="comments">Questions/Feedback</h2>
  <p>Having trouble? We'd like to help!</p>
  <ul>
    <li>
      Try the <a href="https://docs.djangoproject.com/en/1.4/faq/">FAQ</a>
      — it's got answers to many common questions.
    </li>
    <li>
      Search for information in the <a href="http://groups.google.com/group/django-users/">archives of the
      django-users mailing list</a>, or <a href="http://groups.google.com/group/django-users/">post a question</a>.
    </li>
    <li>
      Ask a question in the <a href="irc://irc.freenode.net/">#django IRC
      channel</a>, or search the <a href="http://django-irc-logs.com/">IRC
      logs</a> to see if it has been asked before.
    </li>
    <li>
      If you notice errors with this documentation, please <a href="https://code.djangoproject.com/newticket?component=Documentation">
      open a ticket</a> and let us know! Please only use the ticket tracker for
      criticisms and improvements on the docs. For tech support, use the
      resources above.
    </li>
  </ul>
</div>

		</div>
		<!-- END #content-main -->
		<div id="content-related" class="sidebar">
		
  
    <h2>Search</h2>
    
    <form action="https://docs.djangoproject.com/search/" id="sidebar_search" class="search">
  <div>
    <p>
      <input type="search" name="q" id="id_sidebar_search_q">
    </p>
    <p>
      <label for="id_sidebar_search_release">Version:</label>
      <select name="release" id="id_sidebar_search_release">
<option value="2">Django 1.0</option>
<option value="3">Django 1.1</option>
<option value="4">Django 1.2</option>
<option value="5">Django 1.3</option>
<option value="6" selected="selected">Django 1.4</option>
<option value="1">Development trunk</option>
</select>
    </p>
    <p>
      <input type="submit" class="submit" value="Search">
    </p>
  </div>
</form>
  

  
    <h2>Contents</h2>
    
      <ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#">User authentication in Django</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#overview">Overview</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#installation">Installation</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#users">Users</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#api-reference">API reference</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#fields">Fields</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#methods">Methods</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#manager-functions">Manager functions</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#basic-usage">Basic usage</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#creating-users">Creating users</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#changing-passwords">Changing passwords</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#how-django-stores-passwords">How Django stores passwords</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#using-bcrypt-with-django">Using bcrypt with Django</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#increasing-the-work-factor">Increasing the work factor</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#password-upgrading">Password upgrading</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#anonymous-users">Anonymous users</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#creating-superusers">Creating superusers</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#storing-additional-information-about-users">Storing additional information about users</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authentication-in-web-requests">Authentication in Web requests</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#how-to-log-a-user-in">How to log a user in</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#manually-managing-a-user-s-password">Manually managing a user’s password</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#how-to-log-a-user-out">How to log a user out</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#login-and-logout-signals">Login and logout signals</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#limiting-access-to-logged-in-users">Limiting access to logged-in users</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#the-raw-way">The raw way</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#the-login-required-decorator">The login_required decorator</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth.views">Other built-in views</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#helper-functions">Helper functions</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#module-django.contrib.auth.forms">Built-in forms</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#limiting-access-to-logged-in-users-that-pass-a-test">Limiting access to logged-in users that pass a test</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#the-permission-required-decorator">The permission_required decorator</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#limiting-access-to-generic-views">Limiting access to generic views</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#function-based-generic-views">Function-based generic views</a></li>
</ul>
</li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#permissions">Permissions</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#default-permissions">Default permissions</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#custom-permissions">Custom permissions</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id5">API reference</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id6">Fields</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id7">Methods</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#programmatically-creating-permissions">Programmatically creating permissions</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authentication-data-in-templates">Authentication data in templates</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id8">Users</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id9">Permissions</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#groups">Groups</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id10">API reference</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#id11">Fields</a></li>
</ul>
</li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#other-authentication-sources">Other authentication sources</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#specifying-authentication-backends">Specifying authentication backends</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#writing-an-authentication-backend">Writing an authentication backend</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#handling-authorization-in-custom-backends">Handling authorization in custom backends</a><ul>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authorization-for-anonymous-users">Authorization for anonymous users</a></li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#authorization-for-inactive-users">Authorization for inactive users</a></li>
</ul>
</li>
<li><a class="reference internal" href="https://docs.djangoproject.com/en/1.4/topics/auth/#handling-object-permissions">Handling object permissions</a></li>
</ul>
</li>
</ul>
</li>
</ul>

    
  
  
    <h2>Browse</h2>
    <ul>
      
        
          <li>Prev: <a href="https://docs.djangoproject.com/en/1.4/topics/testing/">Testing Django applications</a></li>
        
        
          <li>Next: <a href="https://docs.djangoproject.com/en/1.4/topics/cache/">Django’s cache framework</a></li>
        
        <li><a href="https://docs.djangoproject.com/en/1.4/contents/">Table of contents</a></li>
        
          <li><a href="https://docs.djangoproject.com/en/1.4/genindex/">General Index</a></li>
        
          <li><a href="https://docs.djangoproject.com/en/1.4/py-modindex/">Python Module Index</a></li>
        
      
    </ul>
  

  
    <h2>You are here:</h2>
    <ul>
      
        <li>
          <a href="https://docs.djangoproject.com/en/1.4/">Django 1.4 documentation</a>
          
            <ul><li><a href="https://docs.djangoproject.com/en/1.4/topics/">Using Django</a>
          
          <ul><li>User authentication in Django</li></ul>
          </li></ul>
        </li>
      
    </ul>

    
      <h2>Download:</h2>
      <p>
      
        Offline (Django 1.4):
        <a href="https://www.djangoproject.com/m/docs/django-docs-1.4-en.zip">HTML</a> |
        <a href="http://media.readthedocs.org/pdf/django/1.4.X/django.pdf">PDF</a> |
        <a href="http://media.readthedocs.org/epub/django/1.4.X/django.epub">ePub</a>
      
      <br>
      <span class="quiet">Provided by <a href="http://readthedocs.org/">Read the Docs</a>.
      </span></p>
    
  

		</div>
		<!-- END #content-related -->

    </div>
    <!-- END #content -->
    <div id="footer">
      <p>© 2005-2012 <a href="https://www.djangoproject.com/foundation/">Django Software Foundation</a> unless otherwise noted. Django is a registered trademark of the Django Software Foundation.
      <a href="http://mediatemple.net/">Linux Web hosting</a> graciously provided by Media Temple.
      </p>
    </div>
    <!-- END #footer -->
  </div>
  <!-- END #container -->
  


</body></html>